FCC ID: A8J-ECW336 11ax Cloud Managed AP

ECW336 Cloud User Manual What is EnGenius Cloud?

EnGenius Cloud is a modern cloud-based management platform, where teams manage wireless/wired network devices with a state-of-the-art visualized GUI and features for AI and serverless technologies. Other Languages:

Before You Begin To start using the EnGenius Cloud service, you must prepare the following:

At least one supported EnGenius Cloud wireless access point or switch. An existing network with an Internet connection including DHCP and DNS configuration. You can also install the "EnGenius Cloud" mobile app (available for both iOS and Android) for easier device registration and monitoring. Supported Web Browsers The EnGenius Cloud is primarily accessible with a web browser. Before signing up for the EnGenius Cloud service or logging on to the web interface to manage your network, first verify that you are using a supported browser. The following table lists the web browsers that EnGenius Cloud supports:

Browser Google Chrome Mozilla Firefox Microsoft Edge Release 57.0.2987.110 and later 52.0 and later 80.0.361.103 and later If you use an unsupported web browser, you may experience issues displaying elements on the web interface. Getting Started This session will assist you in setting up a new network on the EnGenius Cloud web application. For easier, faster setup, use the EnGenius Cloud for iOS or EnGenius Cloud for Android mobile apps. No matter which version you start with, you can always switch seamlessly between the web and mobile. This article is not meant to be a comprehensive list of everything EnGenius Cloud, but rather a stepping stone to get started in the most informed way possible. Signing Up Before you start to manage EnGenius devices, you must first sign up for the service. Registering EnGenius Cloud is similar to other web-based platforms and can be done either with a social media account (e.g. Google or Facebook) or by creating an account from scratch. You will need to provide your email address, company name, physical address, and phone number. Furthermore, you must determine the country in which your account will be hosted. That is, all relative device information, user configurations, and client statistics will be kept in the corresponding region of servers (Oregon for US and Frankfurt for other countries). This enables EnGenius Cloud to protect customer data and comply with requirements like GDPR for customers within the European Union. Support for signing up with EnGenius Partner Portal is already available. Logging On Once your account has been created, you can login to EnGenius Cloud in the following steps:

1. Open a web browser to https://cloud.engenius.ai/ . This will bring up the main login page. 2. Enter your EnGenius Cloud email address and password and click the Sign in button. 3. For EnGenius Partner who has account on EnGenius Partner Portal already, you can simply click on "E Partner" button, and EnGenius Partner Portal will pop up login page for you to use Single-Sign-On capability of Partner Portal to log on to EnGenius Cloud 4. For Google and Facebook users, you can also click on "Google" or "Facebook" button to use your account on Google and Facebook to log on to EnGenius Cloud 5. EnGenius Cloud will create a new default Organization and Network for every new account based on the email address as unique user identification. (note: If someone is invited to an Organization or Network, this account won't have default Organization and Network.) If you have multiple accounts created on EnGenius Cloud, EnGenius Cloud will merge your accounts based on the "email address" of the account. For example, if you have created a new account on EnGenius Cloud using the same email address as your google account, then you're able to login to this email account either through Google account authentication with Google account password, or through EnGenius Cloud Login with the password while you created the EnGenius Cloud account. Registering Devices to Organization Register a device to EnGenius Cloud inventory by using the serial number located on the device. Registering a device Registering devices with a serial number is easy. Just enter the serial numbers of your devices, one per line, then click the Register button. Assigning Devices to Network Before devices on EnGenius Cloud can be managed and configured, they must first be added to a network that you have created. Adding Devices to a Network 1. Navigate to Organization > Inventory. 2. Select one or multiple devices as required. 3. Click Assign to Network. Device Setup This section will provide device setup information to let users prepare ECW access points and ECS switches for device integration with EnGenius Cloud. ECW AP Installation ECW AP Package Contents ECW120 Package Contents ECW220/230/ECW 336 Package Contents

-ECW215 ECW215 Package Contents Minimum Access Requirement Power source option - An ECW AP device can be powered by an 802.3af/at-compliant PoE device or by DC12V input Do not use both power sources at the same time. Ethernet port:

LAN (PoE): Uplink port accepts an 802.3af/at power source. LAN2: Data link if this port is built on a device. Connect the AP to Internet:

You need to find a way to let the Cloud AP be able to access internet, so it can be managed by EnGenius Cloud. Connect the uplink LAN port to a switch port or port of router: This is the most common way to let AP be able to access Internet. (Note: please make sure the port is internet accessible by connecting a notebook to the port and browse the internet) Use your existing Cloud-managed ECW AP to mesh the new AP: Sometimes the place the AP installed is not accessible with Ethernet cable, then you can leverage EnGenius Mesh technology to mesh the new AP to your existing cloud-managed ECW AP. After internet connected, you will see Power LED blinking until the AP is able to communicate with EnGenius Cloud and the LED becomes steady lid. Usually it will take about 8 mins if there is new firmware available to upgrade. If the LED keeps blinking, then there could be some issues like no IP address, or local proxy server setting required...etc. To set static IP or Proxy, or managed VLAN, you can login to Local Access Page through Managed SSID of the AP. ECS Switch Installation ECS Switch Package Contents Connecting to ECS Switch A) Connect the supplied power adapter (or power cord) to the switch and plug the other end into an electrical outlet. Verify the power LED indicator is lit on the switch. Wait for the switch to complete boot up. It might take few minutes to complete the process. B) Connect one end of a category 5/6 Ethernet cable into the gigabit (10/100/1000) Ethernet port on the switchs front panel and the other end to the Ethernet port on the computer. Verify that the LED on the Ethernet port of the switch is green. Login to the ECS Switch Local Access Page The switch's default IP address setting is DHCP client mode, which will get an IP address from the DHCP server. It will automatically change to static IP address assignment if the switch cannot get an IP address from the DHCP server within two minutes of booting up. If your switch cannot get an IP address from local DHCP server, or you would like to use static IP address assignment, you may follow the below procedures to manage your computer connection to the switch via a static IP address. IP address configuration on your computer:

A) Once your computer is on, configure the settings of your network adapter. Open Network Connections >

Local Area Connection > Internet Protocol Version 4 (TCP/IPv4) > Properties B) Select Use the following IP address and make the following entries:

IP Address: 192.168.0.10 (or any address in the 192.168.0.x network) Subnet mask: 255.255.255.0 Login to ECS Switch A) Open a web browser on your computer. In the address bar of the web browser, enter the ECS switch IP address and hit enter. B) The default username is admin and the password is password. We strongly recommend that you

*Your model number may be different in the web browser interface. C) ECS Switch local access page will appear. Instead of default DHCP settings on ECS switch, users may choose a static IP address setting for their deployed network. Remember to open System > Static Route to setup the static IP address/gateway settings on the switch in this case. QIG ECW AP QIG_ECW120_ECW220_ECW230.pdf 2MB PDF ECW120_ECW220_ECW 230_QIG QIG_ECW115.pdf 2MB PDF QIG_ECW160.pdf 2MB PDF ECS Switch ECS_QIG.pdf 2MB PDF ECW115_QIG ECW160_QIG ECS_Switch_QIG Troubleshooting ECW AP 1. Check the LED Status to see if any problem encountered. If Power LED keeps flashing for over 10 minutes, then there could be Cloud connection issues. 2. Use your mobile phone to scan if Default SSID of the AP found. (you have to be around the AP location) From the Default SSID, you can also identify which stage the AP is stuck on. See details of Default SSID. 3. To troubleshoot the connection issue, you may login to Local page:

1. Use your client device (e.g., a laptop, mobile device, or tablet) to the SSID: EnMGMTxxxx

(xxxx is the last four digits of LAN MAC which can be found on the back of the device) and connect to it. 2. Enter the URL in web browser: http://EnGenius.local or the IP 192.168.1.1 to access the devices user interface. You can review device status after logging into the AP with the default account/password ( default admin account/ password : admin/ admin.) Issue: Cannot find Default SSID 1. Check for available wireless networks (Check if a known default SSID is being broadcast). 2. If a default SSID is being broadcast, connect your device to it. 3. If no known default SSIDs are present, set up a manual wireless network connection. For the SSID name, use 'EnMGMT', e.g. 'EnMGMTxxxx', where the x's are replaced with the last four digits of the LAN MAC address. 4. After connecting, open a web browser and connect to one of the local access page addresses. LED Status Status Cloud Connected Connecting to Cloud No LAN Physical Connection LAN Connected LAN Transmitting Wi-Fi Interface On ECW120 LED LED / Color Power LED Orange Power LED Orange LAN LED Blue LAN LED Blue LAN LED Blue 2.4G / 5G Blue/Green 2.4G / 5G State Solid On Flash Off Solid On Flash Solid On Wi-Fi Transmitting Firmware Upgrade Mesh Enabled Blue/Green All LED's Mesh LED Blue Flash Flash Flash ECW115 LED Status Power Up AP Waiting Period (before being added to Cloud) Connected to Cloud Reset to Default LED Color Orange Orange Blue Blue Error or Disconnected Orange State Static Flash (slow) Static Flash (quick) Flash (quick) Firmware Upgrading Orange/Blue Flash Default SSIDs Default SSIDs (only available before ECW AP is managed by EnGenius Cloud) Potential known default SSID names along with potential causes/solutions:

EnMGMTxxxx-Initializing Cause: AP is in bootup sequence. EnMGMTxxxx-SSID_name>-No_Eth Cause: AP does not have an Ethernet connection. Solution: Check if the Ethernet cable is unplugged. EnMGMTxxxx-No_IP Cause: AP cannot get an IP address from the DHCP server. Solution: Check the AP's IP address configuration. EnMGMTxxxx-IP_Conflict Cause: APs IP address conflicts with another devices IP in the same network. Solution: Check the AP's IP address configuration. EnMGMTxxxx-Gateway_ERR Cause: AP is unable to connect to its default gateway. Solution: Check the AP's IP address configuration and connectivity to its default gateway. EnMGMTxxxx-Proxy_ERR Cause: AP could not access Internet through an HTTP/HTTPS proxy. Solution: Check the APs proxy configuration in Miscellaneous Settings. EnMGMTxxxx-DNS_ERR Cause: AP could not resolve the domain name from the DNS server. Solution: Check the AP's IP address configuration. EnMGMTxxxx-Cloud_ERR Cause: Everything appears to work normally, but device is unable to connect to cloud server. Solution:

Check cloud server status with EnGenius. EnMGMTxxxx-No_Cloud_Configure Cause: APs S/N has not been added to any network. Solution: Check whether the AP has been added in the inventory and has been added to a network. EnMGMTxxxx-Cloud_Configured Everything is working as it should!

EnMGMTxxxx Cause: An AP has never connected to the EnGenius cloud or has been factory reset. Login to Local Access Page If you have problem getting the access point to Cloud, you can login to Local Access Page to do IP settings and diagnostics. 1. Use your client device (e.g., a laptop, mobile device, or tablet) to find the SSID: EnMGMTxxxx (xxxx is the last four digits of the MAC address, found on the back of the device) and connect to it. 2. Under your web browser, enter the URL http://EnGenius.local or the localhost IP address (192.168.1.1) to access the devices user interface. You can review device status after logging into the AP with the default admin account/password (default account & password: admin/admin) By default, EnGenius cloud access points (ECW series) are assigned an IP address dynamically by the DHCP server. If you encounter issues with IP address assignment, please double check that the IP settings include IP address, subnet mask, gateway, proxy, and management VLAN. If any issues still exist, you may change your IP assignment from "DHCP mode" to "Static IP" via the following procedure:

ECW AP's Local Access Page By default, EnGenius cloud access points (ECW series) are assigned an IP address dynamically by the DHCP server. If you encounter issues with IP address assignment, please double check that the IP settings including IP address, subnet mask, gateway, proxy, and management VLAN. If any issues still exist, you may change your IP assignment from "DHCP mode" to "Static IP" via the following procedure:

a) Select Local Setting on this page. b) Change IPv4 setting from AS DHCP client to Use Static IP c) Configure the IP address, gateway, net mask, and proxy policy as required. d) Reconnect this device to the LAN again if necessary. Local Access Page Options Every device's status page includes useful information about the status of the device, basic configuration options (such as setting a static IP), and other tools. The following section will explain the items available on the device status page. ECW Access Points provide the following information and configuration options on their local status page:

Device Status Section Contains information regarding the device overview, EnGenius Cloud overview, and network connectivity information. Device Status on Local Access Page Device Overview Provides information regarding the name, model, serial number, IP address, MAC address, and current firmware. Cloud Overview Provides information about the Cloud registration status, date of registration, and time of last update. Network Connectivity Provides connectivity information to local network, Internet, and EnGenius Cloud. Local Setting Section Provides settings for IPv4 / IPv6 address, management VLAN, firmware upgrade, and other miscellaneous configuration items (such as HTTP/HTTPS Proxy). Users can also reboot the device or reset the device to factory default settings from here. Local Setting on Local Access page The HTTP proxy only allows all default management traffic from the EnGenius ECW device to be sent through a proxy. Label information ECW AP's The first step is to get the serial numbers of the Cloud equipment you want to add to your cloud account. The serial number can be found on the box of the Cloud AP (ECW) or Cloud switch (ECS). An example of each is below:

Fig 1: ECW Serial number on box 1. Model number of ECW AP 2. Serial Number of ECW AP (This string of information that is added in the Cloud GUI) 3. Hardware version on ECW AP The serial number for an ECW AP can also be found on the sticker on the back on the unit (check where you plug in the Ethernet cords into the ECW AP) Below is an example of the sticker on the back on an ECW220 AP. Fig 2: Back of AP As you can see the sticker on the back of the AP has the MAC address of the AP as well. It has the following Fig 3: Sticker on back of ECW AP items:

1. Model of AP 2. Serial number of ECW AP (This string of information that is added in the Cloud GUI) You can also find the serial number of the ECW AP In the GUI of the ECW AP, when you login into the unit. Highlighted below is the information needed to add the AP to the Cloud GUI, if the information is obtained via login to the ECW AP locally in the web GUI. Fig 4: Local Login information 1. Model of the AP 2. Serial Number of ECW AP (This string of information that is added in the Cloud GUI) 3. Firmware version the AP is currently running ECS Switches Below is the sticker that is on the box of the ECS switch Fig 5: Sticker on the ECS box 1. Model of the ECS switch 2.Serial Number of ECW AP (This string of information that is added in the Gloud GUI) 3. Hardware version of the ECS switch 4.Firmware version that the switch came shipped with Below is the information you find when you login to the ECS switch locally and go to System > Summary from the left hand column. Fig 7: ECS Switch local login screen 1. Model of ECS Switch 2. Serial Number of ECW AP (This string of information that is added in the Gloud GUI) 3.Firmware version the switch is currently running Working with Organization Trees EnGenius Cloud adopts an organization tree structure to let user define the scope of their managed networks. All device managing or monitoring functions can be applied to different scopes as laid out in the user's tree. That gives VAR or MSP users great flexibility in managing their networks. The current organization tree structure consists of three levels, from largest to smallest:

Organization - A grouping of one or more hierarchies under the umbrella of a single license. Hierarchy View - A cluster of networks, which may be geographically concentrated or spread out. Network - A set of network devices united by a single configuration set. The organization tree definition is shown on the top left corner of the web GUI as follows:

How-to Videos How to build your company networks in EnGenius Cloud https://www.youtube.com/watch?v=sN2y44Yzi7s&feature=youtu.be&t=5 Organization A collection of hierarchy views and networks that are part of a single organizational entity, such as a company or school district. Each organization is the owner of a single license. Adding an organization Click Menu > Create Organization button to create organization Edit Organization Edit a organization if you need to update any its current settings (for example, if you want to change the Organization name, Country, TimeZone.) Follow these steps to edit a Organization. 1. Click Menu > Find the Organization you want to edit > Edit 2. Update Network Settings as required 3. Click Apply Delete Organization If you no longer need a Organization that you previously created, you can delete it. Follow these steps to delete a organization 1. Click Menu > Find the Organization you want to edit > Delete 2. Popup is displayed and click Confirm Hierarchy View A hierarchy view is a group of networks and/or nested hierarchy views. It follows a tree-like structure much like folders on your computer's operating system. Adding a hierarchy view You can create hierarchy views for a new organization or an existing organization, or even within an existing hierarchy view. Click Menu > Choose organization or hierarchy view > Add hierarchy view Edit hierarchy views 1. You can edit the name of a hierarchy view name by clicking Menu > Choose hierarchy view > Edit 2. Change the Hierarchy View name and click Apply. Delete Hierarchy View You can delete hierarchy views by clicking Menu > Choose hierarchy view and then clicking on the garbage icon. Network A network contains a list of devices and relevant information, such as configuration, SSID, radio settings, and firmware upgrade history. Each network contains a single configuration set for its devices, so if you have multiple configurations for devices, you can create a separate network to handle that. Adding a network 1. Click Menu > Choose organization or hierarchy > Create network 2. Enter a name for the network, select the country, time zone, and then click Create. If total networks in an Organization are more than 500, Users might experience unexpected slow responses or issues on Cloud. Edit Network Network name, country, and timezone can be edited as needed. Follow the steps below to edit a network. Choose network > Edit Delete Network If you no longer need a network that you previously created, you can delete it. Follow these steps to delete a network. 1. Click Menu > Choose network > Delete 2. Popup is displayed. Click Confirm. Managing Devices Managing Access Points Once you created Orgs and Networks to define the scope of managed networks, next step is to add the devices to the managed network and manage them. To manage the Access Points in a Network, trigger the toolbar menu at the left-hand side: Manage > Access Points. Add an AP to Network Click on Add from Inventory button. You can then pick the devices registered to the Org previously and add them to current Network. Must Know:

One device can only be added to one network. All devices in the same network should apply the same network-wide settings except the settings are overridden individually. Tips:

when you have multiple Org/Networks, you can stay in the AP list page and directly change the scope of Org/Networks. The system would lead you to different AP list pages quickly. Quickview Panel Single click on the row of a AP (anywhere but hyperlink). It invokes a Quickview Panel that helps showing important status and key configurations for you. User can quickly finetune settings and do comparisons among different APs without going in and out different pages. Customize Radio Settings It's pretty common that for some cases you need to set channel or Tx power for specific APs. This would require the capability to override network's default radio settings. Follow these steps to customize the radio settings for an AP. 1. Choose an access point from the list to show its expanded settings. 2. In the Radio section, click the checkbox below the lock icon to override default settings. 3.Configure the following settings for both the 2.4GHz and 5GHz radio band:

Channel Tx Power Channel Width 4. Click Apply. Customize SSID settings Although APs in the same network share the same SSID settings, sometimes you just do not want a specific AP to enable all SSIDs in the network. For example, you don't want the SSID of financial department to be enabled and accessible everywhere. In the Quickview Panel, you can also finetune and override SSID settings. Follow the steps to override network-wide settings and enable or hide the SSID of a network. 1. In the WLAN section, click on the checkbox near lock icon to override default settings. 2. Configure SSID to be enabled or hidden per your request. 3. Click Apply. Manipulate APs in a Network Once you have APs added to the network, you can apply more actions on the APs:

Move Select one or multiple access points and click to move the AP(s) to another hierarchy view/network. Remove Select one or multiple access points and click to remove from the current org/hierarchy view/network. Diag Tools This allows you to run the diagnostic tests that can help the Network administrator to troubleshoot. Under AP detail page > you can easily see the Diag Tools icon Under Manage > Access Points > Diag So the Full-screen tools are displayed, So you can use them. Diag Tools are all real-time AP diagnostic tools includes (1) Activity: CPU/Memory/Throughput/Channel Utilization(2) Speed test /

Ping (3) traceroute (4) All channel utilization (5) Live Clients + (6) Spectrum Analyzer Except Spectrum Analyzer is for S models only, (1)-(5) are all available for all models Activity: The info is as now and we add non-WiFi channel utilization % to let users know how much of the total channel utilization rate is from non-WiFi, so users can know if the interfering is from other AP or the environment of the channel is dirty and got high white noise. For the Speed test, users can choose one from the Test Server list (detected by AP) and do a speed test, so when users have an issue on slow connectivity issue, the admin can check if its due to Slow uplink of AP or due to dirty WiFi between client and AP. Ping: We put 3 default servers for users to check the latency change. User can also define their own server for the ping test. Traceroute: By default, we set the destination site to Google for the traceroute, and max hop is set to 8, which can be changed by the user. Traceroute allows user to know the path from the AP to the destination and will list every router/gateway (hop) and its latency, so if the destination is unreachable, then there must be some setting issue on router/gateway; and from the latency of each hop, the user will know the slow uplink is caused by which router/gateway. When the latency is over 10ms, the color will change to yellow, and if > 40ms, the color will change to red. All channel utilization: This is a useful tool that user can easily see how dirty each channel is at a glance, and decide if he wants to change the channel of the AP manually. Green is WiFi traffic and Orange is non-WiFi interfering. By mouse-over, you can see the details of how much the % of WiFi and non-WiFi. For the spectrum analysis tool (spectrogram or waterfall graph), we provide a rolling timeline view of signal strengths measured. The upper part shows the signal strength (RSSI) detected and the color indicates how many sources have been detected. The Lower part is the timeline view to let users know that, for example, channel 8 is dirtier than others, which might not be able to show from glance view of all channel utilization at the time, because the interfering source might not emit continuously but in high frequency. In the Live clients, you can monitor the clients that are connected to specific AP. You can use it when the AP feature plan is PRO. In the AP Basic feature plan, we only allow you to use the Diag tool in 1 min, after 1 min, Diag tools will be deactivated. If you want to use it longer, you can switch the AP feature plan to PRO. you can use the diag tool when the AP firmware is 1.x.35 or above. Configure and Check AP Details For each AP, there are more settings available to configure and fine-tune the system. In addition, EnGenius Cloud collects and aggregates lots of data reported by AP periodically. Sophisticated graphs and tables are available in the AP detail page to ease the monitoring and tracking on an AP. To get all the details, at AP list page, hover your mouse cursor on the row of AP you interested. A Details button is shown and click on it to get into AP detail page. Summary The first TAB page summarizes AP's current settings and states. All details of configurations and statistics are shown in this page. SSID The SSID section allows you to check and configure the exact SSID settings for this AP. SSID: shows the SSID name. Radio: shows the Radio (2.4GHz or 5GHz bands) turned on in this AP. Security: security type set on the SSID. Captive portal: shows authentication type for captive portal. Throughput The Throughput section allows you to check the throughput statistics for this AP. Note that you can control the filters to get different results based on your requirement:

By SSID By Time (daily/weekly/monthly) Radio The Radio section allows you to configure individual radio settings. The default radio setting will be followed by the network radio setting. If you want the radio settings of an access point to be different from the default, you can override them with custom values. IP Addressing This section allows you to configure IP address settings for the AP individually. DHCP: You can choose to auto assign IP addresses if there is a DHCP server in the network. Static: Allows you to manually assign an IP address. Enter the IP address you wish to assign to the access point and fill in the subnet mask, default gateway, and DNS server address. IPV4 Address: Enter the IP address for the access point. Subnet Mask: Enter the subnet mask for the access point. Gateway: Enter the default gateway for the access point. DNS Server 1: Enter the primary DNS server name. DNS Server 2: Enter the secondary DNS server name. Photos When an AP is just installed, you can take a photo (or several) on the AP and uploaded it to EnGenius Cloud as a property data for the AP. It's helpful for the installer to memorize where and how he installed the AP. Good to Know: It is easier to take photo and upload it in Cloud-to-go App. Logs The EnGenius Cloud Log contains several logging subsystems that each have unique data retention and export options available. Datasets like device event, system configuration, and analytics are used for starkly different purposes (business intelligence, operations, risk management, etc.) and are reflected in the native logging capabilities. In the Log TAB page, the system list all the device logs for current AP. If you need to track events across a network, check Device Events for more details. Filtering While the device log provides a thorough timeline of events on the AP, it is usually unnecessary to view all events. The following options are available to filter down the event log as needed. Log Filter Filtering By SSID or Client Filtering events to a specific client can help troubleshoot individual connectivity issues. Entering the MAC address, hostname, or custom name in the Client field will display only events affecting that client, excluding other client information and device events. For the same reason, SSID field can be used to filter out events related with other SSIDs. Filtering By Date and Time The event log shows all events for clients and devices, starting with the most recent event by default. The date and time filters are useful to display only events that happened at or before the specified time. Filtering By Severity The event log are categorized in different severity:

Error Warning General You can also set the filter to only show the logs with dedicated severity. Filtering By Event Type The following types of events will be reported by ECW access points:

WLAN Client Connection WLAN Client Control WLAN Radio Client Roaming Device Status Mesh AirGuard The filter also support all types of events listed above. Clients Clients page provides comprehensive details of wireless clients that ever managed by the access point. This page is filtered for current AP and supports all features as same as in Managing Clients. To get more details, please refer to the Managing Clients section. Tips:

To browse the clients page by page, you just need to scroll down the page to the end of screen. The web system will automatically load next page for you. The clients in the list are historical data reported by AP minutes ago. If you want to see clients connecting with AP in realtime, click on the Live Clients link. It will lead you to the diag tools which give you an update of client list in seconds. Realtime Diagnostics EnGenius Cloud provides powerful diag tools to track every details of your network in REALTIME. To trigger the Diag Tools, simply click on the diag button shown below:

Please refer to Diag Tools to get more details. LED Control On the top of AP detail page, the are two buttons available to control AP LEDs instantly. LED Light: This allows you to enable or disable all LEDs on the AP. This is helpful if users does not want to LEDs of AP interfering their vision at night. LED Blinking: Click light bulb icon. LEDs on the AP will blink for 10 seconds. This helps the installer to find and identify a AP. Managing Switches Click Manage > Switches to access this screen and double-click the organization/hierarchy view/network on the tree to change the scope. The Switch List page lists all switches within your organization/hierarchy view/network, and allows you to choose each switch to view the port status, VLAN , STP and PoE. The following describes the functions in this screen:

Move to: Select one or multiple switches and click to move the switches to another hierarchy view/network. Remove From Networks: Select one or multiple switches and click to remove the switches from the current organization/hierarchy view/network. Add From Inventory: Click this button to add switches from your existing inventory. Detail: Click to display the individual switch details. PoE scheduling This allows you to view and configure PoE schedules that can be applied to the ports. Below screens display the existing schedules visually. Click Manage > Switch lists > detail > PoE scheduling to access this screen

Edit PoE Scheduling 1. Select the ports to be set the PoE scheduling then click Edit 2. Enable scheduling and then customize the PoE on or Off by dragging the bar. This behavior is the same when you configure the SSID scheduling. 4. Click Apply. Getting Switch Analytics From the Switches page, you can click Details on the web interface to display detailed information about a switch. PoE reset from the Switch Panel :

User can mouse-over to the PoE port of the switch port panel and power-cycle the port, so the device attached to the port will be rebooted Total PoE Usage: This bar graph displays the consumed, remaining, and total wattage utilized by Power over Ethernet. Total PoE Utilization by Port: Displays the current PoE utilization by each port, in watts. System Setting The System Settings section allows you to configure all primary networking options for your switch. Spanning Tree Protocol A Spanning Tree Protocol is a Layer 2 protocol that prevents loops in a network with redundant paths created by multiple switches. We recommend using this feature if your environment incorporates multiple switches. Procedure 1. Enable the STP option 2. Select a Protocol 3. Select a Bridge Priority value 4. Click Apply LLDP The Link Layer Discovery Protocol (LLDP) is a Layer 2, vendor-neutral protocol that allows network devices to advertise capabilities, identity, and other information. This data can potentially be queried by SNMP. Procedure 1. Enable the LLDP option 2. Click Apply Voice VLAN The Voice VLAN feature configures switches to automatically allow and prioritize voice traffic over a designated VLAN. This keeps voice traffic separate and prioritized over other traffic types. Mode: Allows you to define the Voice VLAN mode. Auto: Automatically advertises the Voice VLAN to connected devices via the LLDP-MED protocol. OUIs: Determines whether a received packet is a voice packet by checking its source MAC address. Switch Voice VLAN: Allows you to choose what VLAN is used for Voice VLAN. You can set up VLANs in Port Settings. QoS Priority: Lets you define whether the switch will use the Quality of Service CoS value of the incoming packet, or tag the packet with a CoS value between 1-7. OUIs: VoIP traffic has a pre-configured Organizationally Unique Identifier (OUI) prefix in the source MAC address. You can manually add a specific manufacturer's MAC address and description to the OUI table. All traffic received on the Voice VLAN ports from the specific IP phone with a listed OUI is forwarded on the voice VLAN. QoS Quality of service (QoS) allows operators to prioritize application traffic to ensure that latency-affected data, such as VoIP and video conferencing, is uninterrupted during periods of network congestion. Switches implement this by reading tagged packets and prioritizing them accordingly. Packets are classified using Class of Service (CoS) on the data link layer, and Differentiated Services Code Points (DSCP) on the network layer, mapped to a queue, then sent out accordingly as per QoS. Trust Mode: Allows you to define whether the switch will use CoS, DSCP, or both trust modes for QoS. Scheduling Method: Allows you to define what method the switch will use when assessing transmitting incoming packets in queues. Strict priority always prioritizes queues with a higher priority, while Weighted Round Robin (WRR) weights each queue by priority, then applies a round-robin policy when choosing packets for transmission. Queue Mapping: Tagged packets are sent to queues defined in this setting. For each CoS or DSCP value, you can choose the queue to which tagged packets are mapped. IGMP IGMP Snooping is used for controlling multicast traffic. It listens to IGMP messages being processed by the switch and prevents these messages from being sent to hosts not part of the respective multicast. Version: The available IGMP Snooping versions are v2 and v3. You can select either/or in the Version dropdown VLANS: You can enable IGMP Snooping for any VLAN by selecting the corresponding checkbox next to the VLAN ID. Jumbo Frame Ethernet has used the 1500 byte frame size since its inception. Jumbo frames are network layer PDUs that have a size much larger than the typical 1500 byte Ethernet Maximum Transmission Unit (MTU) size. Jumbo frames extend Ethernet to 9000 bytes, making them large enough to carry an 8 KB application datagram plus packet header overhead. If you intend to leave the local area network at high speeds, the dynamics of TCP will require you to use large frame sizes. The switch supports a jumbo frame size of up to 9216 bytes. Jumbo frames need to be configured to work on the ingress and egress port of each device along the end-to-end transmission path. Furthermore, all devices in the network must also be consistent on the maximum jumbo frame size, so it is important to do a thorough investigation of all your devices in the communication paths to validate their settings. Jumbo Frame : Enter the size of a jumbo frame. The range is from 1522 to 9216 bytes. Port Settings Selecting one or more ports and clicking Configure will display the following settings:

Link: Allows you to enable or disable the connection for this port. Label: Allows you to add a descriptor for this port. Speed/Duplex: Allows you to define the following speed/duplex communication settings for this port:

Auto: Speed/Duplex will auto-negotiate based on the connected node. 1Gbps / Full Duplex 100 Mbps / Full Duplex 100 Mbps / Half Duplex 10 Mbps / Full Duplex 10 Mbps / Half Duplex Power over Ethernet (PoE): Allows you to power a connected device through an Ethernet cable using your switch. VLANs: Allows you to group devices to create a partitioned network on the same LAN. Isolation: Allows you to configure a port to transmit traffic only to its connected node. Rate Limit: Allows you to limit the amount of incoming and outgoing traffic in Mbps. Flow Control: Enabling this will have the switch regulate traffic during times of congestion. QoS: If QoS is enabled in Switch Settings, you can configure additional settings per port. CoS Value: All incoming packets that lack a CoS value will use the one set in this dropdown. Trust CoS: If checked, the switch will queue packets tagged with CoS into their designated queues. If unchecked, all packets will leave the same queue. PD lifeguard: When abnormal events happen on Powered Devices, they might require reboot in order to return to normal operation. PD Lifeguard can be used to judge if the PD is still reachable and turn the unreachable devices off and on. Specified IP: Setting specified IP on a specific port. Ping Interval: Setting ping IP interval on a specific port. Ping Max Count: Setting ping max count on a specific port. Power Recovery Interval: The waiting time between power off and power on a specific port. PD BootUp Time: Setting Powered Device boot-up time on a specific port. Realtime Meters System Metrics is primarily for viewing real time statistics . By default there are two types of data:

CPU Memory Capturing data over a period of time allows you to see trends useful for determining the overall performance of your switch. Override System setting on the Switch Network-wide setting System setting is followed by Switch setting from the Configure > Switch settings as default settings. If you want individual AP System settings to be different from the Switch Network- wide setting , you can click below part in the screen to override the setting . Mirror Port Mirroring allows you to copy packets on one or more ports to a mirroring destination port. You can attach a monitoring device to the mirroring destination port to view details about the packets passing through the copied ports. This is useful for network monitoring and troubleshooting purposes. The feature is available is at Manage > Switch < Details > Mirror The following describe the labels on this screen :

Session id : A number identifying the mirror session. Switch supports up to 3 mirror sessions. Session State : Select whether to enable or disable port mirroring. Destination Port : The port which all mirrored data is sent to . Ingress : indicates that only data being received will be mirrored. Egress : indicates that only data being sent will be mirrored How to configure 1. Click the edit icon towards the right . 2. Enable the Session state. 3. Select the Destination port 4. Select the Ingress and Egress port 5. Click Apply Port state There are four types of port that you configured . Port was assigned to a destination port . Port was assigned only data being sent will be mirrored . Port was assigned only data being received will be mirrored . Port was assigned both directions of data are being mirrored to the destination port. Link Aggregation Link aggregation groups multiple ports together in parallel to act as a single logical link. Aggregation-

enabled devices treat all physical links (ports) in an aggregation group entirely as a single logical link (port). Member ports in an aggregation group share egress/ingress traffic load, delivering a bandwidth that is multiple of a single physical link. The feature is available is at Manage > Switch < Details > Link How to Configure To Configure trunk , you must select aggregation type . Select from the following options:

LACP: LACP is a dynamic protocol which helps to automate the configuration and maintenance of LAGs. The main purpose of LACP is to automatically configure individual links to an aggregate bundle, while adding new links and helping to recover from link failures if the need arises. LACP can monitor to verify if all the links are connected to the authorized group. LACP is a standard in computer networking, hence LACP should be enabled on the Switch's trunk ports initially in order for both the participating Switches/devices that support the standard to use it. Static: Static configuration is used when connecting to a switch that doesn't support LACP. Disable : Disable the trunk that you configured previously. Then select the Member Ports to add into the trunk group. There are two ways to select the ports 1. Click on the port picker to select multiple ports. 2. Click Pencil icon to input port numbers After you complete the trunk settings , remember to click Apply to take effect . Managing Clients EnGenius Cloud provides management views that collect information about connected clients in your organization/hierarchy view/network. Click Manage -> Clients to access this screen and double-click the organization/hierarchy view/network on the tree to change the scope. Filtering the Clients List The list of clients can be customized based on time intervals, and the chart can be customized based on time intervals and SSIDs. To change these parameters, use the appropriate dropdown menu at the top of the screen. Searching for Clients You can search for a client in the current client list by using the search. You can search by any parameter included in the search options, and it will attempt to match your query across all fields. You can also specify multiple parameters by clicking on the icon in the search box, as seen below:

Block Clients This allows you to block clients on the current SSID that clients connected . Once you want to unblock clients , please go to Configure > SSID > Access control to delete the Mac Address from the Block list . VIP Clients This allows you to make clients as VIP on the current SSID or on Network-wide that clients connected. Once you want to delete clients from the VIP list, please go to Configure > Access control to delete the Mac Address from the VIP list. Kick Clients If you don't want to block clients permanently, you could just kick them so that they can connect again if they want to. Client Timeline The Client Timeline is a great feature that aggregates and analyzes activities of a specific wireless client to provide an intuitive and historical view. With Client Timeline, user can easily know how clients associate, authenticate, and roam among Access Points. It is extremely useful when you need to debug or trace your wireless network. The feature is available at Manage > Client > Client name. Client States The EnGenius Cloud AI system categorizes client activities into five different states:

Client was connecting to an AP. Client was roaming and connecting to another AP. Client changed to associate with different radio or SSID of the same AP. Client failed to authenticate with an SSID. Client was denied because of it is in block list. The states are displayed at the left hand side of timeline. User can easily see how a client transited its states among APs. Radio Color Conventions The drawing and content of client timeline follows the color conventions as below:

Green: represent a 5G session. Blue: represent a 2.4G session. In the right hand side of each session, the system shows the channel, band, protocol, and signal strength of client detected at the beginning of that session. Transition Details The communication between wireless client and AP could be very complicated. Different clients with different wifi chips and wireless drivers can behave very differently while communicating with the s ame AP. The intelligent engine behind Client Timeline is capable of analyzing communication packets effectively and performs clean and human readable transition details for the user. User can click on the event summary inside a connection session to expand the sequence of transition details:

Table below displays client leave patterns when client leaves each connection session. Leaving reason Description Incorrect password Client switch to {device_name}/{radio}

Roam out to {device_name}

Client entered the incorrect password for WPA or wrong authentication information for EAP When the RSSI signal is not good enough, the client did not disassociated from the AP and it connected to new AP directly with regular authentication procedure. When the RSSI signal is not good enough. The client disconnected from the original AP and connected to the new AP by 802.11r fast roaming protocol. The client disconnected from the AP due to band Steer to {radio}

Disconnected by {device_name}

AP disconnect steering protocol. It received the 802.11v trigger and connected to suggested band accordingly. The client was disconnected by the AP due to ba RSSI signal (fast handover). The client was disconnected by the AP due to unknown reason. Kicked by Cloud The client was kicked by the cloud administrator. Denied by ACL Exceed client limit Client inactive Client disconnect Disconnected due to SSID configuration change The connection was refused by AP because the client was on the blocked list under access contro The connection was refused because the client count has exceeded the maximum 2.4G/5G client limit. The client was inactive because it was on power saving mode or far away from the AP. The client disconnected because the user disable the Wi-Fi or choose to connect to other AP. The clients was disconnected due to SSID configuration change. Some configuration change took effect only after recycled (down&up) the NIC

(network interface controller). When the NIC is down, all connection are disconnected. Device Map Location This screen allows you to locate a device on the world map to show the relationship between the space and EnGenius Devices. Maps provide a visualization for buildings and access points. Create Buildings A building means a group of floor plans. You can create a new building with the + button. After you create a building, you can drag it to the map. Single-click on the building icon and a hyperlink will appear to allow you to edit floor plans. How to Place Access Points or Buildings on the Map 1. Click access point list or buildings list. 2. Enter the street address in the address field. 3. Drag the access point/building onto the map. Navigation There are a number of ways to navigate through the map display. Single Click: If the user single-clicks on the focus icon on the access point or building lists, it will auto-locate the same item in the map. Double Click: If the user double-clicks on the building icon in the access point list, the UI will auto-navigate to the floor plans of that building. Floor Plans Floor plans allow you to simulate the heatmap. This article will discuss how to upload custom floor plans, pin them on the map, and place devices within these floor plans. Uploading Floor Plans Before uploading floor plans, a building must be created to contain them (see Managing Devices > Device Map Location in the user manual). To upload a custom floor plan/map:

1. Navigate to Manage > Map & Floor plans. 2. Click Building and click Add. 3. Enter a name and then click Create. 4. Find the building you have just created in the building list and click the picture icon. 5. Enter a name and upload the floor plan, then click Apply. Deleting a Floor Plan If you no longer use a floor plan that you previously imported, you can delete it. Follow these steps to delete a floor plan:

1. Find the building you created in the building list. 2. When the floor plan appears, hover over it and click Delete. Virtual AP Virtual AP is now available for users to add virtual AP together with physical AP, so users can simulate the heat map if he adds more AP to increase the coverage Add Virtual AP and choose units of models to add The Tool icon for users to modify the tx power and channel for heat map simulation Drag the physical AP to Virtual AP (model needs to be the same) then physical AP could use the Virtual AP configuration. Polyline in Obstacle When drawing the walls, users used to draw the line one by one by click start and end for straight lines, now with the Polyline option available, users can simply click on the turning point to draw lines quicker. Topology Network topology is a powerful tool to provide administrators a graphic overview of the logical network topology and the status of EnGenius devices. Use this screen to view the topology of the Org/Network. Click Manage > Topology to access this screen and double-click the organization/hierarchy view/network on the tree to change the scope. Learn which physical links in your network are most heavily-trafficked; simply hover over individual network links and devices to learn statistics about that connections negotiated speed, usage, and a number of directly connected clients using it in the past 5 minutes. The following describes the functions on this screen:

Show label : Click to display or hide the device name & HW status on each device. HW status : Click to display or hide the POE Utilization on each switch. Redundant : Click to display or hide the redundant link . Other Devices : Click to display the third party devices as well as EWS series devices. Export : Click to download topology as PDF format . Configuring Networks Theres a lot that EnGenius Cloud can do to customize a network to meet your specific needs. Well walk you through the most common settings here. Configuring SSIDs Facebook Wi-Fi Facebook login provides a social sign-on experience for users logging in to access points. You can use your Facebook page as the sign-in page when they first log in to your network. Users can then check in with their Facebook credentials, update their status, and like the Facebook page. Configuring EnGenius Wi-Fi with Facebook Login After creating a Facebook page, Facebook Login is configured on the Configure > SSID > Click one of the SSID > Captive Portal by taking the following step:

1. Select Facebook Wi-Fi under the Authentication Type section and click the Setup Facebook Wi-Fi button:

2. Wizard is displayed. Click Continue if you have created the Facebook page in advance. If you haven't created it, you could create a Facebook page.

3. You will now see a link Go to FB Wi-Fi Setup page. Clicking on this link will take you to your Facebook Wi-Fi settings page. 4. If you are not logged into Facebook, you will be prompted to log into Facebook. Once you have logged in, you will see the following settings that will let you pair your SSID with your Facebook Page:

5. Once your Facebook page has been successfully paired with your SSID, the SSID page will update the Facebook Wi-Fi section with information about the paired page, along with an option to Unpair. 802.11 Settings 802.11r 802.11r is a standards-based fast roaming technology that is leveraged when using a secure SSID (WPA2-

PSK & WPA2-Enterprise). This option improves client device roaming by reducing the handoff delay in situations where client devices roam from one access point to another. 802.11r is disabled by default on EnGenius Cloud. This feature can be enabled from the Configure > SSID page under Network Scope. If this option cannot be enabled, please go to Wireless > Security Type to select WPA2 PSK or WPA2 Enterprise in advance. 802.11w is enabled when Security Type is not Open. 802.11w enables Protected Management Frames

(PMF) for management frames such as authentication, de-authentication, association, disassociation, beacon, and probe traffic. This enables APs to help prevent rogue devices from spoofing management frames from APs. Enable 802.11r will allow APs to begin utilizing Protected Management Frames for any clients that support 802.11w. Configuring Security Security Type Click Configure > SSID > Click one of SSID > Wireless to access this screen. The following describes the authentication types on this screen:

Open: Allows any client to associate with this network without any data encryption or authentication. WPA2 PSK: Enter a pre-shared key of 8-64 case-sensitive characters to enable WPA2-PSK data encryption. WPA2 Enterprise: Select Custom Radius to use an external Radius server or select the EnGenius Cloud Radius to use the EnGenius Cloud for 802.1X authentication. OWE: When using hotspots in public, users are given better protection through the Wi-Fi Enhanced Open that provides unauthenticated encryption. WPA3 Personal (SAE) - WPA3 only: This type features easier password selection for users to easily remember. It also feats a higher level of security wherein data stored and data traffic in the network will not be compromised even if the password was hacked and data was already transmitted. The upgrade also enabled the Simultaneous Authentication of Equals (SAE) which replaced the Pre-shared Keys

(PSK) in WPA2-Personal. WPA3/WPA2 Personal mixed: WPA2/WPA3 mixed mode allows for the coexistence of WPA2 and WPA3 clients on a common SSID. The passphrase for both WPA2 and WPA3 clients remains the same, the AP just advertises the different encryption cyphers available to be selected for use by the client. Clients choose which cypher to use for the wireless connection. WPA3 Enterprise: This type was mainly built for tighter and consistent application of security protocols across networks of governments, establishments, enterprises, and financial institutions. Offering optional 192-bit minimum security, the WPA3 will make cryptographic tools better. Hence, better protection for sensitive data. WiFi Access QR code This QR code allows you to use your mobile device to connect to the specific SSID. Client IP Addressing In NAT mode, the EnGenius APs run as DHCP servers to assign IP addresses to wireless clients out of a private 172.x.x.x IP address pool behind a NAT. NAT mode should be enabled when any of the following is true:

Wireless clients associated to the SSID only require Internet access, not access to local wired or wireless resources. There is no DHCP server on the LAN that can assign IP addresses to the wireless clients. There is a DHCP server on the LAN, but it does not have enough IP addresses to assign to wireless clients The implications of enabling NAT mode are as follows:

1. No NAT client can be talked to the other NAT client, neither same SSID nor different SSID (client isolation enabled and block internal routing) 2. Change the IP range of CP DNS to be same as AP DNS (172.16-23.0.0/16) Use Cases NAT mode works well for providing a wireless guest network since it puts clients on a private wireless network with automatic addressing. Diagram When an SSID is configured in NAT Mode, wireless clients will point to the access point as their DNS server. The AP then acts as a DNS proxy and will forward clients' DNS queries to its configured DNS server. Configuring Custom DNS for an SSID in NAT Mode This allows you to set custom DNS servers for a NAT SSID, instead of using the AP's DNS server. This is typically used to forward NAT SSID clients to a DNS server with custom content filtering. Configuration 1. Navigate to Configure > SSID, then choose one SSID to customize the DNS settings. 2. Locate the Client IP mode and choose NAT mode then click Custom DNS. 3. Enter the preferred Custom DNS IP addresses. 4. Click Apply. Bridge Mode In bridge mode, the APs act as bridges, allowing wireless clients to obtain their IP addresses from an upstream DHCP server. Bridge mode should be enabled when the following is true:

Wired and wireless clients in the network need to reach each other (e.g., a wireless laptop needs to discover the IP address of a network printer, or wired desktop needs to connect to a wireless surveillance camera). The implications of enabling Bridge mode are as follows:

Wired and wireless clients have IP addresses in the same subnet User Cases Bridge mode works well in most circumstances, particularly for Roaming. and is the simplest option to put wireless clients on the LAN. Configuration 1. Navigate to Configure > SSID , then choose one SSID . 2. Locate the Client IP mode and choose Bridge mode then click Apply. If you configure Bridge mode on two or more SSIDs in the same network , it means that these Clients have IP addresses in the same subnet. Dynamic VLAN Pooling When Dynamic Client VLAN Pooling is enabled on your WLAN, the clients will be assigned IPs from any of the VLANs listed in the pool, which are randomly selected based on MAC hashing algorithm performed by the cloud/AP. In a single Instant AP cluster, a large number of clients can be assigned to the same VLAN. Using the same VLAN for multiple clients can lead to a high level of broadcasts in the same subnet. To manage the broadcast traffic, you can partition the network into different subnets and use L3-mobility between those subnets when clients roam. However, if a large number of clients need to be in the same subnet, you can configure dynamic client VLAN pooling, in which each client is randomly assigned a VLAN from a pool of VLANs on the same SSID. Thus, VLAN pooling allows automatic partitioning of a single broadcast domain of clients into multiple VLANs. Dynamic VLAN pooling usually works with BCMC Suppression to get better experience and reduce network complexity for large scale networks. Advanced Settings L2 isolation L2 isolation is a feature to prevent wireless client from communicating with any other devices in the network except gateway. With this feature enabled, not only clients associating with the same SSID cannot communicate with each other (this is so called client isolation conventionally) but also clients cannot access other devices in the same LAN. Another exception is that wired devices added to VIP list are still accessible. Example Use Cases Guest SSID to isolate clients and also stop them accessing corporation LAN resources Free WiFi service in which administrator want to keep the authentication simple, e.g., WPA2_PSK, such that customer can access the SSID via QR-code scanning. L2 isolation works with all types of client IP addressing, i.e., NAT mode and Bridge mode. Band Steering Dual band operation with Band Steering detects clients capable of dual band operation and steers them to another frequency which leaves the more crowded band available for communication. This helps improve the end-user experience by reducing channel utilization, especially in high-density environments. Band Steering is configured on a per-SSID basis. RSSI Threshold This value defines the minimum RSSI required for dual-band wireless clients to associate to 5G band. If the client's RSSI drops below this threshold, it is only allowed to connect to 2.4G band. The recommended value is -60~-80. BCMC Suppression BCMC suppression is a feature to drop all the broadcast and multicast frames on a VLAN except for ARP, DHCP, IPv6 router advertisement, and IPv6 neighbor solicitation. Broadcast-Multicast traffic from APs, remote APs, or distributions terminating on the same VLAN floods all VLAN member ports. This causes critical bandwidth wastage, especially when the APs are connected to an L3 cloud where the available bandwidth is limited or expensive. Suppressing the VLAN broadcast -multicast traffic to prevent flooding can result in loss of client connectivity. To effectively prevent flooding of broadcast-multicast traffic on all VLAN member ports, use BCMC Suppression to ensure controlled flooding of broadcast-multicast traffic without compromising the client connectivity. This option is disabled by default. You must enable this option for the controlled flooding of broadcast-multicast traffic. Example Use Cases Enterprise network with over 1000 active wired or wireless clients in different VLANs. Campus network with over 1000 active wired or wireless clients in different VLANs. BCMC Suppression usually works with dynamic VLAN pooling to reduce the management complexity for large scale networks. QoS Bandwidth Limit Bandwidth Limitation ensures that users do not consume more bandwidth than they should. We integrated bandwidth Limitation that enforces upload and download limits. Bandwidth Limitation can be applied per SSID or per user or both. When both SSID and Per Client bandwidth limit are set, that means when the total sum of client bandwidth is less than SSID bandwidth limit, per client can have a maximum of per client bandwidth limit. If the total sum is over the SSID limit, then all users will share the upper limit of SSID bandwidth. Use this screen to configure maximum bandwidth. Click Configure > SSID > Bandwidth Limit to access this screen. Download Limit Set the maximum download stream limit for traffic from the SSID or Per user . Upload Limit Set the maximum upload stream limit for traffic from the SSID or Per user . Captive Portal A captive portal can intercept network traffic until a user authenticates his/her connection, usually through a specifically designated login page. Click Configure > SSID > Captive Portal to access this screen. Authentication Type Click-through: Users must view and acknowledge your splash page before being allowed on the network. EnGenius Authentication: Users must enter a username and password before being allowed on the network. You could edit user settings through Configure > Cloud RADIUS User. Custom RADIUS: Enter the host (IP address of your RADIUS server, reachable from the access points), port (UDP port the RADIUS server listens on for access requests, 1812 by default), and secret

(RADIUS client shared secret). Optionally, the Accounting Server can be enabled on an SSID that's using WPA2-Enterprise with RADIUS authentication. Voucher Service: Edit the access plan for guests for the front-desk manager. Social Login: Allows users to use a Facebook account to access WiFi. Redirect URL Configure the URL to which users will be redirected after successful login. Redirect to the original URL: Select this option to cache the initial website from the client during the authentication process and then forward it to the originally targeted web server after the user successfully authenticates. Redirect users to a new URL: Select this option to redirect users to a pre-designated URL after the user successfully authenticates. Advanced Setting Session Timeout: Specify a time limit after which users will be disconnected and required to log in again. Idle Timeout: Specify a time limit for an idle client after which users will be disconnected and required to log in again. Walled Garden: This option allows users to define network destinations that users can access before authenticating. For example, your company's website. HTTPS Login: This option allows users to log in through HTTPS. When you enable it, your password is encrypted, so others could not retrieve your information. LDAP server Captive Portal supports the way to authenticate with an externally hosted LDAP server. The option is available at Configure > SSID > Captive Portal > my LDAP server Follow the steps below to configure the LDAP service:

1. Click Add a server to add a new LDAP server. 2. Enter the IP address or domain name of your LDAP server in the Host field and the LDAP listening port in the Port field. 3. For LDAP admin, enter the distinguished name of the administrative account to bind your LDAP server, for example, cn=admin,dc=example,dc=com, and the password. 4. Click OK and then click Apply button. Active Directory Captive Portal supports the way to authenticate via an externally hosted AD server. The option is available at Configure > SSID > Captive Portal > Active Directory. Follow the steps below to configure your AD service. 1. Click Add a server to add a new AD server in the list. 2. Enter the IP address or domain name of your AD server in the Host field and the AD server listening port in the Port field. 3. For AD admin, enter the AD format: admin@example.com, and the password. 4. Click OK and then click Apply button. Social Login Social login allows you to use your Facebook account to access WiFi. Follow the below steps to configure social login. 1. Click Configure > SSID > Select a SSID 2. Click Captive portal > go to Authentication Type > select Social login. 3. Click Apply. Voucher Service This guide is intended to help you set up your network to generate and accept vouchers. With vouchers, you Vouchers can be set to specific time increments and are ideal for hotels, coffee shops, apartments, etc. where you want to limit network access to users for a specific period of time. Enable Voucher Service Enable the voucher service by clicking Configure > SSID > Captive portal > Voucher Service. Note: Please make sure that Security Type at Configure > SSID > Association has been configured as open or WPA2 PSK before trying to enable Voucher Service. Since Voucher Service is capable of generating user/password randomly, it can not work with a dedicated WPA2 Enterprise authentication server. Remember click on the Apply button at top-right corner to confirm your change on SSID settings. Management URL and Access Plan Management URL For each enabled voucher service, a dedicated Management URL is created. Any team members who have permissions of Front-desk Manager or Administrator can log in that specific URL and manage Voucher Users there. Access Plan In addition, you can create different Plans for voucher user to identify how long a voucher user can access the network (Access Time) and how many simultaneous login are allowed for that user (Simultaneous Login). Plan Start Time The plan start time is an option that defines the plan of voucher service is activated when an account is created or after the account's first login. Managing Voucher Users Generating Guest Pass The first page after you login the Management URL of Voucher Service allows you to generate guest account/password with different manners:

A network Administrator or Front-desk Manager can firstly select a access plan and then select to generate account/password of voucher user automatically or manually. Auto Generation allows you to generate Guest pass in batch , you can fill in the number of the Guest Pass you want to create. Managing Voucher User Click on the User Management Button in the toolbar. A Guest Management Page is performed to list all generated voucher user. You can edit the properties of a voucher user by clicking the user_id of that user or pick the users in that list to delete. Print the Voucher User Info In the Guest Management Page, you can also select the users and click on the print button to print the voucher info for end-user. This feature allows you to print voucher users in batch. Configuring Splash Page This guide is intended to help you set up your splash page. With a splash page, you can channel network users to see a custom page before they can access the Internet. Before you start configuring a splash page, please make sure the captive portal is enabled in advance. External Splash Page URL: The external splash page enables the administrator to host their own splash page web server, rather than having it hosted by EnGenius Cloud. Local Splash page : Local Splash page provides the HTML for a splash page that will be hosted internally on the Access Point . For example , allows you to customize your splash page. After you complete the splash page, please remember to click Apply. Using the WYSIWYG editor You can choose different template from the drop-down menu at the top of the editor. Once you select your starting template, you can customize it with your message, colors, fonts, and images. EnGenius uses a WYSIWYG (what-you-see-is-what-you-get) editor that also supports HTML editing. In addition to the standard editing tools along the top toolbar , you can click HTML icon to start editing . Choosing a starting template Choose a template from the drop-down menu at the top of the editor. You can customize the content and presentation of these templates to suit your needs . Any edits you make will be a copy of the template, you can go back to the default at any time. Adding and modifying images Each splash page template comes with a library of stock images. You can also use the Insert Image tool to add your images and logos. 1. Click the Insert Image button, then navigate to a file, or drag and drop it into the upload images. 2. Double-Click on the image or click insert icon to add the image. Access control This page allows you to block clients in mac based on current SSID. The following describes the functions on this screen:

Add : The entry for you to add the Mac address to be blocked. Reset : Clean all the Block list . Delete : Delete the list that you selected . After you add the block list , remember to click Apply to take effect . Clone SSID This allows you to clone SSID configuration which you created previously. So you can create Multiple SSID with same configuration easily. Follow steps to clone SSID 1. Click Clone From 2. Select SSID to be cloned => Click apply in popup 3. Click Apply on tab bar to take effect Examples How to Configure Captive Portal 1. Before you begin configuring a captive portal, you need to create a SSID. Navigate to Configure >

SSID (If you can't click configure, please make sure you are on network scope). 2. Select one of the SSIDs from the list. If one is not available, please click Add SSID to create one. 3. Navigate to the captive portal and click Enabled and then select the authentication type. 4. Click Apply. Configuring Radio Use this screen to configure radio settings for all access points in the network. Double-click one of the networks on Org-Trees > Configure > Radio Settings. The settings and options in the Radio Setting page apply to all access points in a network, and you can configure the following settings:

Channel This option allows users to customize the channels. On the Auto setting, EnGenius access points automatically adjust the channels of their radios to avoid RF interference. Exclude DFS Some use cases may require that Dynamic Frequency Selection (DFS) channels be excluded from the Auto Channel algorithm. DFS channels can be allowed or excluded on the radio settings page. Since DFS channels can only be used until radar communication is heard, disabling DFS may be useful if the wireless network is in close proximity to a harbor, airport, or weather radar station. Administrators may also want to disable DFS if most local wireless clients do not support DFS channels. Please notice that Exclude DFS only affected when Channel is Auto on 5G. Channel HT Mode The use of 40 MHz channels on the 2.4 GHz band does not provide for multiple independent channels in multi-AP deployments for 2.4GHz. The recommended setting is 20MHz. To maximize throughput, use 40 MHz for 802.11n and 80 MHz for 802.11ac for 5GHz. Note that higher density deployments should use 20 MHz or 40 MHz channels on 5 GHz. Tx Power Using this option, users can set a custom range for Tx power. The higher the transmission power (Tx power) of the access point, the bigger the coverage of the WiFi signal, so usually maximum power is set for an access point to connect to another access point for WDS or mesh purposes. However, it might not be the best practice if the access point serves the purpose of being a client access point because usually client devices (notebooks, mobile phones, etc.) might not have the same transmission power to be able to communicate back. The current device's transmission power can be referenced here, where most notebooks and mobile phone transmission power range from 15dBm - 25dBm. Some WiFi devices, like Amazon Echo, are in the smaller range of 10-11dBm. If your enterprise environment is comprised mainly of notebooks and mobile phones, then it is better to turn down your access point transmission power to 15-17dBm on 5G, and 10-12dBm for 2.4G (so the coverage area of 5G and 2.4G is about the same). If you keep the same transmission power of 5G and 2.4G, it also means the signal strength of 2.4G is about 6 dB higher than 5G at the same location. Then the client device might roam from 5G to 2.4G because it detects better signal strength. It is highly recommended to leverage the EnGenius ezWiFiPlanner tool to simulate coverage with different transmission power settings. Minimum Bit Rate EnGenius access points can adjust the minimum bit rate for each radio (2.4G and 5G separately). When the minimum bitrate is set, an access point will send out beacons based on the minimum bit rate. For example, if the bit rate is set to 6Mbps, then those clients with slower than 6Mbps bit rate will not be able to connect to the WiFi and will not slow down other clients' performance. 802.11b max bit rate is 11Mbps, so if 12Mbps is set per radio, then 802.11b clients will not be able to connect to the network. The other benefit is to help better roaming, because when a client roams to a weaker RSSI signal and causes slower performance, then the access point will be kicked out, and the client will search the available SSIDs again to connect to a stronger signal SSID. If the value is set too high, then it also means a greater density of access points are required to cover the area with the minimum bit rate. This may potentially cause more channel conflict because the transmission power of the access point remains the same, so the RF coverage area is the same and more RF areas overlap. Client Limit This is a hardware limitation, commonly applied to most access points in the market. There can be 254 clients connected to an access point at a maximum (127 clients to each 2.4G and 5G band). To serve more than 127 2.4/5G clients in a space, a higher density of access points must be deployed. Discard 802.11 a/b/g This option allows users to discard 802.11 a/b/g devices to use network to prevent the impact of performance on other 802.11ac/ax clients. Some legacy wireless clients are not compatible with 11ax. This option allows legacy equipment to connect with your network as usual, we suggest you disable 11ax in 2.4G of your Radio settings. In this way, you can have equipment working in 5G with better performance and get legacy devices served well in 2.4G. DCS (Dynamic Channel Selection) Dynamic Channel Selection allows a Wireless Access Point to monitor traffic and noise levels on the channel which is current operating and also keeps watching utilization of other channels with background scanning. When DCS is enabled and traffic or noise levels of current channel exceed predefined threshold (50%) for a period (15 mins), the AP ceases operating on the current channel and hops to an alternative channel with best utilization in statistics. When to use it DCS is useful for the complex and dynamic wireless environment where numerous APs and travel routers broadcast and transmit packets in the same area. It usually comes with high radio interference and situation changes from time to time. In this case, DCS could be helpful to react for unexpected interference with a short-term mechanism and jump to a cleaner channel to operate. When DCS is enabled, the client will be disconnected if the system decides to hop to a new channel. That may affect some real-time applications. DCS only takes effect when the channel of Radio is set in "auto". This feature requires AP firmware version to be V1.X.35 or above. Mesh This option allows users to enable mesh on 2.4GHz or 5GHz. After you enable mesh, there is an Auto Pairing button. After you click Auto Pairing, access points that haven't linked to the Internet are able to be scanned by neighborhood APs to run the mesh. How to enable mesh node Find an AP which is wired and working fine (connecting to Cloud successfully that Power LED is steady orange) 1. 2. Place your new try-to-mesh AP which is already registered to your Org and be assigned to a Network nearby the cloud-connected AP. (less than 10 meters depends on the transmission power set of 2 APs) 3. Power on try-to-mesh AP until mesh LED keep flashing 4. Click Auto Pairing and it starts to count down on our Cloud Web UI. That means the Cloud-connected AP is trying to find the try-to-mesh AP and help it to join Cloud 1. There must be a Cloud-connected AP nearby try-to-mesh AP to access wirelessly and in the same Network, so the Mesh configuration can be pushed to 2 APs to mesh together. 2. It might take some time since the try-to-mesh AP might need to go through firmware upgrade and reboot (around 4-10 min). 5. After everything is good, you can find a try-to-mesh AP (only ECW120) mesh LED is on, and Power LED is blue. After you complete each configuration above, you can click Apply, or click Reset to revert back to the original settings. Configuring Cloud RADIUS Use this screen to view and manage user accounts authenticated using EnGenius Authentication , you can choose EnGenius authentication from Configure > SSID > Captive portal, then select EnGenius Authentication from Authentication Type section ). Double-click one of the networks on Org-Trees > Configure > Cloud RADIUS Users to access this screen. The following describes the labels on this screen:

1. Name: Shows the descriptive name of the user account. 2. Email: Shows the type of the user account. 3. Authorized SSID: Shows the SSID numbers that the user has authorized. 4. Create Date: Shows the date and time that the user was created. 5. Status: Shows whether the user has been blocked or not. The following describes the functions on this screen:

Add User: Add users and authorize users to SSIDs. Authorize: Allows you to authorize users to SSIDs. Delete: Delete users. Block: Block users. Unblock: Unblock users. Configuring MyPSK When setting up an enterprise wireless network, it is common to configure WPA2-PSK authentication in order to onboard different users on to the wireless network. However, IT administrators may still encounter some drawbacks with this method of authentication when they need to use different PSKs in order to assign different VLANs. MyPSK allows a network administrator to use multiple PSKs and assigned different VLANs per SSID. Before Configuring the MyPSK Users, please make sure you have chosen the Cloud myPSK user From Configure > SSID > Wireless > Security Type > WPA2-MyPSK Create my PSK Users You can access this screen from Configure > MyPSK Users > Add Users The following describes the labels on the popup. Auto-Generated: Click the checkbox and then input the number of the users you want to create. Auto-

Generated Users are limited to 50 per time. PSK: Input the password for the user to log in, Auto-Generated Users will have PSK automatically. VLAN: By SSID means the user is assigned the VLAN from the SSID which you choose to authorize. If you see the VLAN you wanted is not displayed, you could add the VLAN from Configure > VLAN Settings, then you could select from the dropdown list. Allowed MAC: Only the User with this Mac Address could access the SSID, leave it blank if you don't want to restrict it. Expired Date: Default is Permanent, click the checkbox to choose the expired date User note: Add note to map the user to the PSK to identify the person SSID Authorized: The SSIDs you want users to access Edit MyPSK Users 1. Click the number on the Authorized SSIDs or each PSK 2. Allows you to edit the details of each user. Note 1. Doesn't support Captive portal mode nor NAT mode 2. Each Network has limited to 500 PSK users 3. In the SSID => Wireless => WPA2 myPSK , there is an option "Auth with External RADIUS Server " which is supported with AP v1.X.25 firmware or above. Available models :

(ECW220/230/260) Configuring VLAN This setting allows you to configure VLAN to all devices in the network at once . Table displays all VLANs have been configure in selected network . Use this screen to add and delete VLANs for network. Click Configure > VLAN Settings to access this screen. The VLAN Settings page contains the following information :

VLAN ID : VLAN ID. NAME : VLAN name. Voice VLAN : This shows if VLAN has been assigned to Voice VLAN or not. SSID : the SSID that has been assigned the VLAN. Add VLAN 1. Click Add VLAN button. 2. Input VLAN ID and VLAN Name. 3. Click Apply to complete the settings. After you create the Network wide VLAN , you need to go to Switch detail page to assign ports or go to SSID page to assign the VLAN to specific SSID . Configuring Switch Settings This setting allows you to configure Systems & Protocols in the network at once. This gives you to configure the System setting and apply it to whole Switches in the network. you can access this screen by Configure

> Switch settings. Many MSP or SI would like to be able to group configure port settings in the Network. Switch Template feature helps users to apply same port configuration to all switch with same models in the Network to save time of configuration one by one. you can access this screen by Configure > Switch Settings > Template You can create any template by Model type (or click on Edit of the template). The setting is similar to Individual Switch port settings. Apply to All will apply the Switch Template to all devices of the same model in the Network. Note The uplink port will not be overridden by the template to prevent losing connection. Uplink port couldn't be the Mirror destination port PoE on the ports should be enabled when the ports are configured the PoE schedule on the devices. You can apply the switch template to the same model of the switches from Manage > Switch List > choose the Switches to be applied > Choose Apply Template Firmware Upgrade Automatic Upgrades EnGenius Cloud enables automatic upgrades by default and will upgrade firmware according to the Maintenance Window time period each week. Manual Upgrade To manually update device firmware:

1. Select the firmware you desire to upgrade. 2. Click Upgrade Now (If you have the devices in the New Firmware Trial Zone, you will only upgrade the Firmware on these devices. ) 3. Click Apply. New Firmware Trial Zone Users can choose cloud devices into a New Firmware Trial Zone, so the devices in Trial Zone will be upgraded first (based on the Maintenance Window schedule), the other devices won't be upgraded within 21 days from the firmware release date. So you can prevent from the network going wrong after the firmware upgrade at one time. Rollback to Previous Version If the firmware has any issue during the trial period, you can call support or roll back to the device's previous firmware version by removing the device from Trial Zone. Upcoming Upgrade Schedule This allows you to know the exact Firmware Upgrade date of Trial Zone devices and other devices. So you will easily know what will be happening next. General Settings General settings allow you to configure Network settings, AP network-wide settings and so do Switches. Click Configure > General Setting to access this screen. Edit Network Network name, country, and timezone can be edited as needed. Follow the steps below to edit a network. 1. Click edit button to change network name 2. Select Country, Timezone, and then click Apply Local Credential This feature allows you to configure the login account of local web GUI for devices. The settings here apply to all APs and Switches in this Network . Note that username and password could be blank if you don't want to change device login account of local web GUI. LED Light This allows you to enable all AP's LED lights in the current network. LAN Port settings (for ECW115AP only) This allows you to configure Lan port settings on ECW115. Noticed that either LAN1 Lan2 can be used for the uplink port. This setting will be applied to the one which is not uplink port System Reserved IP Range When using NAT (AP DHCP) and captive portal, AP will leverage a range of IP addresses as default. If user unconsciously configures their local Network conflicting with the range, it will cause problems. the user is able to change the System reserved range if they cannot change their local LAN IP address range. SSID > Wireless > IP Addressing (NAT/Bridge). Click Change will redirect to Network-wide setting General Settings > AP > System Reserved IP Range Message for blocked Clients Clients can be blocked from accessing the network. When these clients attempt to connect to the network and open a web browser, they will be redirected to a blocked message. The Network-wide Default block message is configured on a per-network basis. The message is set in the Network-wide > General Settings > AP page. The blocked splash page below will be presented below to the blocked clients. Advanced settings Presence reporting For applications like CRM tools, presence analytics, or location-aware services which need to continuously gather presence data of wireless clients, EnGenius Cloud Acess Points are capable of delivering real-time presence data to fulfill the requirement. EnGenius Presence Service can have cloud-managed APs continuously gathering 802.11 probe request frames sent by wireless clients and then sending the data to 3rd party servers configured in EnGenius Cloud. Configuration In EnGeniusCloud, the configuration of presence service is at General Settings > AP > Advanced Settings the following parameters can be configured on the page:

Parameters Server Location Description 3rd party server address Secret used to generate a SHA256 HMAC signature, over the payload (the JSON message). The signature is then added to a custom HTTP header (Signature) in the POST message. The Interval between two consecutive messages has been sent. Key Interval Traffic log Traffic log feeds wireless client info to remote Syslog server. Note that enabling this setting will severely degrade AP performance. To enable this function, the syslog server must be enabled. Remote System Log The Remote System Log gives you the capability to remotely log Syslog events from a device on EnGenius Cloud to your external logging server. You can enable and configure the remote logging feature from Configure General setting Syslog server. Status: Enable to open the function to the remote system log. Log server address: Specify the IP address or hostname of the Syslog server. Log server port: Specify the port of the Syslog server. The default port is 514. Access Control In some cases, it is necessary to block a specific client on a network. This configuration will apply to the whole network and will affect the client immediately. Blocked List Navigate to Configure > Access Control to access this screen. You could block clients in the current network or on SSID basis depending on your requirement. This blocked list displays which you added the blocked clients in SSID > Access Control and Manage >

Clients . So you could manage whole blocked clients easily in single lists. Noted that there is a limit of 1000 clients for blocking. How to block clients 1. Click Add in the top-right corner . 2. Enter the Mac Address , select the Scope ( Current Network or SSID basis) , then click Apply How to Unblock clients 1. Select the clients on the lists 2. Click Unblock VIP Lists All VIP clients can bypass Captive portal. Wired VIP client can bypass L2 isolation . If wireless printer/scanner/IoT to be accessible, pls make sure the wireless printer/scanner/IoT devices are under SSID of Bridge mode L2 Isolation is disabled Optional: If captive portal is enabled on the SSID, the VIP can let the IoT skip captive portal entry If wired printer / scanner / IoT device to be accessible, then Make the devices be VIP to all SSIDs (or to the SSIDs for the wireless clients to be able to access) Any wireless client can access. No matter if NAT/Bridge mode. L2 Isolation can be enabled / disabled You could add the VIP clients in the current network or on SSID basis depending on your requirement. This VIP list displays which you added the VIP clients in SSID > Access Control and Manage > Clients . So you could manage whole VIP clients easily in single lists. Noted that there is a limit of 50 clients for VIP. How to Add VIP clients 1. Click Add in the top-right corner . 2. Enter the Mac Address , select the Scope ( Current Network or SSID basis) , then click Apply How to remove VIP clients 1. Select the clients on the lists 2. Click Delete If L2 isolation is enabled, the whitelist clients will be excluded, which means clients under the subnet can access this client even L2 isolation is on (Only wired client can take effect ) If NAT mode, no whitelist client will be allowed. That means Under NAT mode, client isolation will be enabled automatically Analytics Device Events Device events are events that are specific to individual devices, and are logged to EnGenius Cloud. Examples of events would include the specific time that a device comes online or goes offline. Use this screen to view Device Events. Click Analyze > Event Log > Device Event to access this screen. Searching the Event Log EnGenius Cloud allows to search device events based on a number of desired parameters. You can specify date/time, severity, and other parameters. Select one or multiple event types, then enter the SSID, device name/MAC, or select client to display the log messages related to it. After customizing your search parameters, remember to click Apply to perform the search. System Events System events are events related to EnGenius Cloud itself, such as device management or user management. Use this screen to view system events. You can specify date/time and severity, then select one or multiple event types. Enter the operator name to display the log messages related to it. Click Analyze > Event Log > System Events to access this screen. Config Logs Config logs capture events based on your configuration changes, such as changes to SSID settings, radio settings, or network updates. Use this screen to view config logs. you can specify date/time, severity, select one or multiple event types, and enter the operator name to display the log messages related to it. Click Analyze > Event Log > Config Log to access this screen. Managing Organizations Managing Device Inventory and License The Device page lists all devices currently found in the inventory or added to a network within the current organization. The Device page contains the following information about each device:

Type: type of the device. Name: Device name. Model: Model name of the device. Serial Number: serial number of the device. MAC: MAC address of the device. Network: the network that the device has been added to. License Status: Active, Inactive, Merging, expired, you can see the detailed explanation in the license section. Expiration Date: The date that the license is expired Register Time: time of the device's addition to the inventory. Register by: user responsible for adding the device to the inventory. On the top of the right corner, you could see below information Earliest expired date on of devices on: This will display the earliest expired date of the devices in the organization to remind users to add license by then. Expired devices: The number of expired devices in this organization. For example, If its AP, and since AP license mode is Pro, so those AP cannot be managed by Cloud and show off-line if in Network. Expire within 30 days: The number of the devices will expire within 30 days in this organization. Furthermore, cloud will send you the notification when there are devices to be expired within 30 days and within 3 days. Register a Device Registering devices onto EnGenius Cloud inventory is easy. Enter devices by their serial number, one per line, and click the Register button. Assigning Devices to a Network This feature helps the users in assigning devices to a network. 1. Navigate to the Device page. 2. Select one or multiple devices as per your requirements. 3. Click Assign to Network. Removing Devices from a Network This feature allows for devices to be deleted in bulk from a network. To delete devices using bulk delete:

1. Navigate to the device page. 2. Select one or multiple devices as per your requirements. 3. Click Remove from Network. De-registering a Device from EnGenius Cloud This feature allows you to remove registered devices from EnGenius Cloud inventory. 1. Navigate to the device page. 2. Select one or multiple devices as per your requirements. 3. Click De-Register Device. If you de-register the device when the license status is active or merged, the license on the device will be deleted. As for status is merging, the license will be disassociated. This action cannot be undone and all records will be lost. Replace the device The device can be replaced with other devices for RMA/DoA purposes. This is the only way the license on the device can be transferred to other devices, so the replaced devices license will be expired after you replace the device successfully and the new device will use the replaced devices license. Per-Device Licensing The Per-Device licensing model allows users to assign a license directly to a specific device. There are two types of feature plans - BASIC and PRO. ( For details, click on "https://www.engenius.ai/cloud/licenses"). You need to buy the AP Pro license to associate with the AP to use the AP Pro feature set and so does Switch. You can navigate to the Organization > Inventory & License > license tab to access this page. Feature plan n the top of the page, you can switch the Feature plan per Device type. For example, you need the PRO feature and there is a pro icon near the feature name. What you need to do in advance to use the PRO feature is below. 1. Purchase the AP/ SW PRO license to get the License Key 2. Add the License Key on the License page and associate the licenses to Devices (AP/SW) 3. Switch the AP/SW feature plan to PRO, so you can use this feature

(https://www.engenius.ai/cloud/licenses ) => The AP/SW feature plan details. Icon Description Device will use basic feature plan. No license is required AP Professional Plan is required. Switch Professional Plan is required. Note 1: Under the"Pro" feature plan, all devices need to have valid licenses, otherwise the device will not be able to be managed by Cloud. License status Inactive: A license has not started to burn. Active: The license starts to burn which means the license has started to tick and the time remaining starts to decrease. Merging: There is a 7 days grace period for users to undo the license associated with a device, in case users place the license wrongly. Once merged, after 7 days or when the license is activated, the license is bundled with the device and cannot be removed. (the only way is replacement) Expired: The license on the device is expired Merged: When the license is associated with the device after 7 days grace period but hasn't been used

(activated). For example, if a license is added to a device that has a license on it already, the newly-added license will become merged and the activation date will be the date after the previous license. Canceled: When the license order is canceled, the license will be canceled, and the associated device's expired date will be deducted. 1 Year Free License All existing devices and any newly registered devices will have 1 year free Pro license. The activation date is the date the device is registered to the Org, and the expired date is after 1 year. If the user de-registered the device and register again, The cloud will keep the expired date. Note: For purchased licenses associated with the device already, once the device is de-registered from the Organization, Cloud cannot associate the licenses with the device anymore, so if the device registers to Organization again, its like a brand new one without the license.

Add License You can add the license key from the Organization > Inventory & License > License page. After the license key is entered into the Cloud, it will extend to multiple units of License, all coming from the same License Key and showing the same Issued date Auto Associate When entering the license key, users can choose Auto Associate for Cloud to find a list of devices without license randomly for the license to auto-associate to. If the license unit is more than the candidate devices, after the association, the left license will be put on the License page without association. 90 Days Force Activate for License Key After 90 days the license key has been issued, if the license is not activated during the period, the licenses will be force-activated on the 91st day. Associate to Device This allows you to auto associate the licenses to devices. it is the same behavior that you click auto associate when you add a license. Change Organization In the license tab, only licenses that don't associate with any device ( association field is empty) can be moved to other organizations. (User needs to have Org Admin privilege of both organizations) If users want to move the license already associated with the device, please go to the device page to move If there are multiple licenses associated with the device, then all licenses will be moved to the new Org together with the device. Assign License Users can choose 1 year or 3 years and let Cloud choose any license whose issued date is earlier to associate to the device. 7 days grace period There will be 7 days grace period after you assign a license to the device. in this period, you can change Undo Only when in 7-days grace period, user can click undo to disassociate the license from the device. Change log This will record any changes on the license, so you could easily track them. You could navigate to Organization > Inventory & License > Change log tab to access this page. Privacy Exposure Analysis would show you the timeline with the list of clients connected to the same AP based on a particular client. If you enable this feature would allow us to retrieve and present your client data in a timeline manner. Click Organization > Privacy to access this screen. You can click Manage=> Clients to access this page to see the details after you enable the Exposure Analysis. Backup & Restore Generating a New Backup Users can create a new Network-wide setting and device backup by going to Organizations > Backup &

Restore Restore: This allows you to restore all settings( Network-wide settings and Device settings) to the corresponding network. Protect: This allows you to protect the backup, so the backup will not be rotated when you exceed 2 backups of the network. Re-Backup: This allows you to update the current settings to the backup of the corresponding network. Clone Network When creating a new network you have the option to clone the configuration from another network. This will copy all network-wide configurations from the existing network with the exception of local device configurations. Managing Team Members Use this screen to view, manage, and create user accounts for organization/network. Click Team Member icon to access this screen. The Team Member page contains the following information about each member:

Name : member name . Email : member email . Org Permissions : member's org permissions . Network Managed : Displayed numbers of member's network permissions , hovering on the permission badge will display the network . Status : Member account status . Active means member has completed the signup . Invited means invitation mail had been sent but member hasn't complete the signup . Last login : time that user last logged in . Modify : click to modify the member permissions . Invite New Members You can invite multiple users and assign them permissions for entire organization trees at once. 1. Input the user email, one per row. 2. Assign member privileges for a network or organization. 3. Click Apply to save changes. Modify Member Permissions 1. Click Modify. 2. Change the Permission based on the organization trees. 3. Click Apply. Roles and Permissions Organization Permission Types Admin: user has full administrative access to all networks and organization-wide settings. This is the highest level of access available. Viewer: user is able to access most aspects of network and organization-wide settings, but unable to make any changes. Network Permission Types Admin: user has access to view all aspects of a network and makes any changes to it. Viewer: user able to access most aspects of a network, including the configuration section, but no changes can be made. Front desk: user is able to access the front desk portal to generate guess passes and manage guest passes only. Notification & Alerts Notification Center EnGenius Cloud provides a notification mechanism for alerting you to important events that occurred. You can click the bell icon to access this screen. Recent Notifications This shows the event numbers that occur and is ordered by organization. You can click one of the organizations in the list to access detailed event information. Preferences Network Subscription This allows you to subscribe or unsubscribe to network events. When subscribed, you will receive that network's notifications Notifications Mobile App Notifications: You can turn on/off notifications on the EnGenius Cloud Mobile App. Email Notification: You will receive an email digest of network events at a scheduled time if at least one event has occurred. Email format You will receive email formats like below if you enable the Email Notification Click See more details to see Network events. Each card represents an individual organization and each divider inside cards represents different networks. Filter events: On the top of page allows you to filter events. You can check or uncheck the checkbox near error and warning events. Configuring Alert Settings There are a number of options available for email alerts to be sent when certain network or device events occur. Alerts can be configured under Configure > Alerts. Access Point Alerts Alerts can be configured for the following access point events:

AP(s) go offline for XXX minutes: sends an email if one or more access points go offline for a preset

(and customizable) amount of time. Configuration changed within network: sends an email if SSID, radio settings, firmware upgrade,

. s g n ti t e s d n e s

an email if event severity meeting a mi ni mum s lt u a ef d e h t e rid r e ov s r u c c o e v o b a d n a X s g in tt e s e c i v de X X X y it r e v e s h l a u id iv d n i it w t n e v E or severity threshold occurs. Switch Alerts Alerts can be configured for the following switch events:

Configuration changed within network: sends an email if SSID, radio settings, firmware upgrades, or individual device settings override the default settings. Switch port link status change: sends an email when device port link status is changed. Switch STP Port status change: sends an email when device port STP status is changed. Switch LBD Port status change: sends an email when device LBD status is changed. Switch(s) go offline for XX minutes: sends an email when switches go offline for a preset number of minutes. Any/specific switch port(s) changed link speed: sends an email when a switch port link speed changes. Event with severity XXX and above occurs: sends an email if an event occurs with a severity equal to or higher than a preset value. Mobile App cloud-to-go The EnGenius Mobile App is a mobile user interface (UI) for EnGenius Cloud. You can keep an eye on your network when you are on the go. This is a great solution for around the clock network support. Versions are available for Android on Google Play and iOS via the App Store. Adding a Device This section explains how to add a networking device to your network using the EnGenius Mobile App. 1. Navigate to the Inventory tab and tap the + symbol on the bottom-right of the screen. 2. Find the QR code at the bottom of the device and scan it. If the camera successfully scanned a QR code, the app will display the Device Information. You could tap Register to complete the Registration. If you failed to scan the QR code successfully, you could tap Okay, try another. 3. Once a device has been successfully registered, you can tap Assign to Network site now. 4. Tap the Network and tap Apply.

/r 2APs I 6 Switches I 17 Clients BF 3APs I 6 Switches I 16 Clients 9F SAPS I 6 Switches I 16 Clients 5. Once you select the wrong network, you could tap Change to select the correct network. If the network is correct, tap Next . 6. You could tap Finish to complete the whole process or tap Register more to register other devices . Get Remote Support LiveChat Whenever you login the system, you can always find a LiveChat button at bottom-right corner of the page. You can leave a message with this chat system. EnGenius support team will usually feed back in minutes. Remote Support Passcode The EnGenius Support Passcode is used to verify users' identities for security purposes. When you get trouble on configuring your networks or operating your cloud configurations, you can click on the Help button on the top-right corner of menu. Choose Remote Support and click on Generate PASSCODE . There is an option here that you can decide how long the generated passcode is valid (from 1 hour to 7 days). By sending the generated passcode to EnGenius support team on LiveChat, support team can access your account temporarily to diagnose and resolve issues you've raised. Note that the generated PASSCODE will automatically expire after a period of time. Support team won't be able to access your resource once the PASSCODE is expired. Security Two Factor Authentication Two Factor Authentication, also known as 2FA or TFA, is a two-step verification process that requires more information in addition to the usual username and password. This extra piece of information is something only the user will know or have physically with them, like a token sent to a mobile app, for example. It is very important to create backup codes the moment you enable 2FA on your account in case your phone is lost and cannot access the 2FA code. How to Enable TFA to protect your account 1. Download and install the "Google Authenticator" APP on your mobile phone. https://apps.apple.com/us/app/google-authenticator/id388497605 . Google Authenticator will generate OTP

(One-time passcode) for your account on EnGenius Cloud by following below steps. Please be reminded that if you have multiple accounts, then you need to generate corresponding entries to each account in Google Authenticator. 2. Select Two Factor Authentication from the top-right menu. 3. Open your chosen authenticator app on your smartphone. Since the following is using Google Authenticator as an example, the steps might vary slightly. Open the Google Authenticator app on your phone, tap Menu, then tap Begin Setup > Scan barcode. If you already have other accounts, you would click the plus sign (+) on the upper right and then Scan barcode. 4. Your phone will now be in the "scanning" mode. Go ahead and scan the QR code that appeared in the popup. 5. Enter the 6-digit authentication token provided by Google Authenticator into the popup, then click Activate . Recovery codes It is extremely important to back up a set of Recovery codes the moment two-factor authentication is enabled. These codes will allow you to unlock your account to disable TFA if you somehow lose access to your authenticator app (if say you lost your mobile). You can access Recovery code after you enabled 2FA. You will be given a list of 10 backup codes, copy them somewhere safe. If there's a possibility someone has gained access to your codes, generate new ones to make those compromised ones obsolete. How to Deactivate TFA 1. Select Two Factor Authentication from the top-right menu. 2. Click Deactivate How to Access a Locked Out Account If you are locked out of your account because you changed mobiles, deleted the authenticator app by mistake or lost your phone, you can get access to your account once more with the below method. Login Cloud using recovery codes 1. Go to cloud.engenius.ai enter your username and password as usual, and prompted for the screen for you to enter code. 2. Now just paste one of the backup codes you previously saved and click Verify. 3. Follow the How to Deactivate 2FA and How to Enable 2FA to protect your account procedure again. Remember to click Download code to save a new set of backup codes. Other possible issues and solutions are discussed in this Google 2-Step Verification Help article. TFA Enforcement to your Organization This feature helps the Organization administrator to enforce all Cloud users to have more secure to access the organization. If you enable TFA Enforcement , your team members are required to have two -factor authentication (TFA) enabled when access this organization. If team members don't activate 2FA, they are not allowed to access this organization . You can access this feature by clicking Organization > Security . If the user manages multiple Organizations and does not enable TFA, he is still able to log in to Cloud. However, he cannot access the Org with TFA enforcement enabled as a requirement. Report Report lets you compile reports of past activity on your Organization/HV/networks. These reports can be filtered to only include certain organizations, HV, or networks. You can send them to recipients by email and schedule them to run periodically. How can I create Reports?

To create your reports, you need to go to the Reports located on the left panel. Under the tab Task you will find the button New Task and click it. When you click on this button a new wizard will be displayed with the steps to customize report content directly Cover letter Author: Input Author and will be displayed in report cover letter) Cover letter: Select the style and will be displayed in the cover letter) Language: Support English only currently) Logo: Upload the logo you want to display on the cover letter) Page Content This allows you to select page contents that will be displayed on your report. You can click the gear icon to show or hide the table data. Configuration 1. Select Org-tree: this is the report data to collect from ). 2. Dashboard Period: Select the day, week, or month data you want to display on the dashboard Data. eg: Throughput. Top series . ) 3. Throughput SSID: Select the SSID you want to collect on throughput data) 4. Schedule: Select the report to be generated right now or Specific time or weekly) 5. Email: Enter the recipient's email address that you want to send the report) Confirmation This allows you to review all the page contents and settings on a single page. If you want to change the settings, you could click back to change. If all the settings are OK, click Apply to create a task. Reports View The Report Tab displayed the lists of reports that the system has generated based on your task. When you open a saved report from Report Tab, cloud will display reports that your task generated:

1. Task name (same as report name): Click to navigate to corresponding tasks. 2. Last report: You can easily download the last generated report by hyperlink. 3. Numbers of reports generated by same tasks. 4. Allows you to email this report to someone. 5. Download report. 6. Delete report. Edit Task After you created the Tasks, this page allows you to monitor the data that you have selected. There are some icons for you to know the task status and do further editing. 1. Mail icon: This task has some email recipients that have been configured. 2. Calendar icon: This task has been scheduled to generate a report continuously. 3. New Task: This allows you to create another task. The basic mode only allowing you to create a single task and only have one report recorded. 4. Edit icon: This allows you to edit the task settings. 5. Pause icon: This allows you to temporarily stop the scheduled task. Appendix Access Point LED Behavior Access Point LEDs and what they mean The table below describes the LEDs on the access point, their flashing patterns, and what those mean for its function. LED Power LAN 2.4G 5G Static Flash Off Power is on Cloud is connecting Power is off Connected to LAN between AP and the No connections to LA Data is transmitting Internet. AP is not transmitting AP is transmitting data data, Radio is on between AP and client Radio is off AP is not transmitting data, Radio is on AP is transmitting data between AP and client Radio is off If four LEDs are flashing, it means that AP is performing a firmware upgrade. SSID Troubleshooting Naming Rules There is a management SSID that lets users know the current status when an access point connects to EnGenius Cloud. If an access point has lost its connection to the Internet but still receives power, it will broadcast a management service set identifier (SSID) that can be connected to for administrative tasks. Connect to the default SSID by completing the following steps:

1. Physically check that the access point has power. 2. Check if a known default SSID is being broadcast. 3. If a management SSID is being broadcast, connect your device to it. 4. After connecting, check your gateway IP address to connect to the local status page. If you can't find the gateway IP, please make sure the access point is in NAT mode. Management SSIDS

<EnMGMTxxxx>-SSID_name>-No_Eth Cause: AP does not have Ethernet connection. Solution: Check if the Ethernet cable is unplugged.

<EnMGMTxxxx>-No_IP Cause: AP cannot get an IP address from DHCP server. Solution: Check the AP's IP address configuration.

<EnMGMTxxxx>-IP_Conflict Cause: APs IP address conflicts with another device's IP in the same network. Solution: Check the AP's IP address configuration.

<EnMGMTxxxx>-Gateway_ERR Cause: AP is unable to connect to its default gateway. Solution: Check the AP's IP address configuration and connectivity to its default gateway.

<EnMGMTxxxx>-Proxy_ERR Cause: AP could not access Internet through HTTP/HTTPS proxy. Solution: Check the APs proxy configuration in miscellaneous settings.

<EnMGMTxxxx>-DNS_ERR Cause: AP could not resolve the domain name from the DNS server. Solution: Check the AP's IP address configuration.

<EnMGMTxxxx>-Cloud_ERR Cause: Everything seems to be working, but a connection to EnGenius Cloud cannot be established. Solution: Check EnGenius Cloud server status with EnGenius. Firewall rules Below is the Firewall rules which is needed to access EnGenius Cloud. Cloud Devices Cloud Services Source IP Destinatio n IP Protocol Direction

(Inbound Ports

(TCP/UDP outbound

/ICMP..) Periodical Cloud communic ation,Firm ware Upgrade,R eal-Time Meter Persistent Cloud communic ation Your Networks any 443 TCP Outboun Your Networks 44.224.197

.174 80 TCP Outboun Cloud Radius Your Networks 44.225.123

.183 1812/1813 TCP &

UDP Outboun NTP time sychroniza tion Your Networks any 123 UDP Outboun AP, SW , Ensky AP, SW , Ensky AP AP, SW , Ensky AP, SW , Ensky Remote Tunnel Your Networks 44.230.110

.152 22 TCP Outboun AP Splash Page Your Networks any 80/443 TCP Outboun FEDERAL COMMUNICATIONS COMMISSION INTERFERENCE STATEMENT This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

-Reorient or relocate the receiving antenna.

-Increase the separation between the equipment and receiver.

-Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

-Consult the dealer or an experienced radio/ TV technician for help. CAUTION Any changes or modifications not expressly approved by the grantee of this device could void the user's authority to operate the equipment. This device meets all the other requirements specified in Part 15E, Section 15.407 of the FCC Rules. FCC regulations restrict the operation of this device to indoor use only. The operation of this device is prohibited on oil platforms, cars, trains, boats, and aircraft, except that operation of this device is permitted in large aircraft while flying above 10,000 feet. Operation of transmitters in the 5.925-7.125 GHz band is prohibited for control of or communications with unmanned aircraft systems. RF Exposure warning This equipment must be installed and operated in accordance with provided instructions and the antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. End-users and installers must be provide with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. Industry Canada Equipment Standard for Digital Equipment (ICES) Canada Compliance Statement This Class B digital apparatus complies with Canadian ICES003. CAN ICES-003 (B)/NMB-003(B) Cet appareil numrique de la classe B est conforme la norme NMB003 du Canada. Innovation, Science and Economic Development Canada(ISED) Compliance Statement This device complies with ISEDs licence-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device. Le prsent appareil est conforme aux CNR d ISED applicables aux appareils radio exempts de licence. Lexploitation est autorise aux deux conditions suivantes : (1) le dispositif ne doit pas produire de brouillage prjudiciable, et (2) ce dispositif doit accepter tout brouillage reu, y compris un brouillage susceptible de provoquer un fonctionnement indsirable. Caution User should also be advised that:

(i) the device for operation in the band 51505250 MHz is only for indoor use to reduce the potential for harmful interference to cochannel mobile satellite systems;

(ii) the maximum antenna gain permitted for devices in the bands 52505350 MHz and 54705725 MHz shall comply with the e.i.r.p. limit; and

(iii) the maximum antenna gain permitted for devices in the band 57255825 MHz shall comply with the e.i.r.p. limits specified for pointtopoint and non pointtopoint operation as appropriate. Highp ower radars are allocated as primary users (i.e. priority users) of the bands 52505350 MHz and 56505850 MHz and that these radars could cause interference and/or damage to LELAN devices. Les utilisateurs devraient aussi tre aviss que

(i) les dispositifs fonctionnant dans la bande 51505250 MHz sont rservs uniquement pour une utilisation lintrieur afin de rduire les risques de brouillage prjudiciable aux systmes de satellites mobiles utilisant les mmes canaux;

(ii) le gain maximal dantenne permis pour les dispositifs utilisant les bandes 52505350 MHz et 5470 5725MHz doit se conformer la limite de p.i.r.e.;

(iii) le gain maximal dantenne permis (pour les dispositifs utilisant la bande 57255825 MHz) doit se conformer la limite de p.i.r.e. spcifie pour lexploitation point point et non point point, selon le cas. De plus, les utilisateurs de radars de haute puissance sont dsigns utilisateurs principaux (c.d., quils ont la priorit) pour les bandes 52505350 MHz et 56505850 MHz et que ces radars pourraient causer du brouillage et/ou des dommages aux dispositifs LANEL. The operation of this device to indoor use only. The operation of this device is prohibited on oil platforms, cars, trains, boats, and aircraft, except that operation of this device is permitted in large aircraft while flying above 10,000 feet. Operation of transmitters in the 5.925-7.125 GHz band is prohibited for control of or communications with unmanned aircraft systems. Le fonctionnement de cet appareil pour une utilisation en intrieur uniquement. L'utilisation de cet appareil est interdite sur les plates-formes ptrolires, les voitures, les trains, les bateaux et les avions, sauf que l'utilisation de cet appareil est autorise dans les gros aronefs en vol au-dessus de 10 000 pieds. L'exploitation d'metteurs dans communications avec des systmes d'aronefs sans pilote. la bande 5,925-7,125 GHz est interdite pour le contrle ou les Radio Frequency (RF) Exposure Information The radiated output power of the Wireless Device is below the Innovation, Science and Economic Development Canada (ISED) radio frequency exposure limits. The Wireless Device should be used in such a manner such that the potential for human contact during normal operation is minimized. This device has also been evaluated and shown compliant with the ISED RF Exposure limits under mobile exposure conditions. (antennas are greater than 20 cm from a person's body). informations concernant l'exposition aux frquences radio (RF) La puissance de sortie mise par lappareil de sans fil est infrieure la limite d'exposition aux frquences radio d'ISED Canada (ISED). Utilisez lappareil de sans fil de faon minimiser les contacts humains lors du fonctionnement normal. Ce priphrique a galement t valu et dmontr conforme aux limites d'exposition aux RF d'ISED dans des conditions d'exposition des appareils mobiles (antennes sont suprieures 20 cm partir du corps d'une personne).

Date: April 25, 2022 Subject: Letter of Declaration on LPI Operation FCC ID: A8J-ECW336 IC: 10103A-ECW336 Product Name: 11ax Cloud Managed AP To whom it may concern:

We the undersigned, hereby attest that this device complies with the following requirements of Part 15E/RSS-

248 of the FCC/ISEDs rules for the 6GHz bands:

a.) An IEEE 802.11ax Access Points Transmit Power Envelope element has information fields for power limits for connecting client/subordinate devices. The TPE information is contained in this device signals and used by connecting client/subordinate to ensure that it knows the regulatory TX powers it is allowed to transmit at. There is a regulatory info field in this device beacon and probe response frames which details this device type when the client/subordinate associates to this device. b.) The statement acknowledging device restrictions:

i. This AP is power from a wired connection, has an integrated antenna, is not battery powered, and does not have a weatherized enclosure. This AP will not be allowed on oil platforms, cars, trains, boats, and aircraft, except that operation of this device is permitted in large aircraft while flying above 10,000 feet. This AP is prohibited for control of or communications with unmanned aircraft systems, including drones. ii. iii. Sincerely,

Meng Chee Leo / General Manager Telephone Number: 888.735.783.7888 ext. 888 Fax Number: 714.432.8667 E-mail Address: mc.leo@engeniustech.com

Date: April 25, 2022 United States EnGenius Technologies 1580 Scenic Avenue Costa Mesa Stanley Wu DEKRA Testing and Certification Co., Ltd. No. 26, Huaya 1st Rd., Guishan Dist., Taoyuan City 33341, Taiwan. Declaration of Authorization We Name:

Address:

City:

State California Country:

Declare that:

Name Representative of agent:

Agent Company name:

Address:

City:

Country:

is authorized to apply for FCC/ ISED Certification of the following product(s):

Product Name: 11ax Cloud Managed AP Model: ECW336 FCC ID: A8J-ECW336 IC: 10103A-ECW336 Trademark: EnGenius on our behalf.

Meng Chee Leo / General Manager Telephone Number: 888.735.783.7888 ext. 888 Fax Number: 714.432.8667 E-mail Address: mc.leo@engeniustech.com