Employee Network
An Employee network is a classic Wi-Fi network. This network type is used by the employees in an organization and it supports passphrase-based (PSK) or 802.1X-based authentication methods. Employees may access the protected data through the employee network after successful authentication. The employee network is selected by default during a network profile configuration.
The very first employee network you create for the site cannot be deleted unless you choose to delete the site entirely from your account.
To configure an employee network:
- Click the Instant On web application home page, or click Networks from the navigation pane on the left. tile on the
- Under Networks > Overview, click Create Network.
- Under Network Identification, configure the following:
- Name—Enter a name for the employee network. This will also be broadcast as the SSID for the WLAN network.
- Network Type—Select the option. The wireless option appears only when your site has both wired and wireless networks.
- Click Next.
- Under Network Properties > Network Usage, select , to indicate that the network is for an enterprise.
- Under Network Password (PSK), enter a password of your choice in the
The Network password settings will be grayed out when only the 6 GHz radio spectrum is selected for the wireless network. For more information, see Radio.
text box. This enables you to secure the network using a shared password (PSK). - Under Security, select one of the following Network Security options:
- WPA2 Personal—Uses PSK password authentication. WPA2 Personal is enabled by default.
- WPA2 + WPA3 Personal—Uses PSK password authentication. Select WPA2 + WPA3 Personal to enable this option.
- WPA2 Enterprise—Uses Radius authentication. Select the WPA2 Enterprise radio button to select this option.
- —Uses Radius authentication. Select the WPA2 + WPA3 Enterprise radio button to select this option.
- Selecting the WPA2 Enterprise or WPA2 + WPA3 Enterprise options, displays the RADIUS Server configuration and Network Access Attributes options. This enables you to secure the network using a higher encryption RADIUS authentication server. Configure the following settings:
You must configure the RADIUS server to allow APs individually or set a rule to allow the entire subnet.
- —Enter the IP address or fully qualified domain name of the RADIUS server.
- —Enter a shared key for communicating with the external RADIUS server.
- Instant On AP attempts to send the request several times (as configured in the ) before the user gets disconnected. For example, if the Timeout is 5 seconds, Retry counter is 3, user is disconnected after 20 seconds. The default value is 5 seconds. —Specify a timeout value in seconds. The value determines the timeout for a RADIUS request. The
- —Specify a number between 1 and 5. Retry count indicates the maximum number of authentication requests that are sent to the server group, and the default value is 3 requests.
- —Enter the authentication port number of the external RADIUS server within the range of 1–65535. The default port number is 1812.
—Configure the following parameters for the . - —Under Security > Network Options, select this checkbox to send RADIUS accounting messages.
- —Enter the IP address or fully qualified domain name of the secondary RADIUS server.
- —Enter a shared key for communicating with the secondary RADIUS server.
- Instant On AP attempts to send the request several times (as configured in the ) before the user gets disconnected. For example, if the Timeout is 5 seconds, Retry counter is 3, user is disconnected after 20 seconds. The default value is 5 seconds. —Specify a timeout value in seconds. The value determines the timeout for a secondary RADIUS request. The
- —Enter the authentication port number of the secondary RADIUS server within the range of 1–65535. The default port number is 1812.
—Under Security > Network Options, select this checkbox to configure a secondary RADIUS server. When selected, configure the following parameters:
- Network Access Attributes—Configure the following settings under Instant On AP to the client.
- —Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
- Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks. This option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In which case each AP in the network will send RADIUS requests to the server with a matching Source IP address and NAS IP address.
- —This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.
- —The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the for the site.
—Select one of the following options if your
, if you wish to proxy all RADIUS requests from the - Click IP Assignment configuration. and proceed with the
- Click Create Network, to finish creating the Employee Network.
Deactivate Network
If you choose to make the network inactive temporarily and prevent clients from connecting to it, follow these steps:
- Click the Instant On web application home page, or click Networks from the navigation pane on the left. tile on the
- In the Networks > Overview screen, follow one of the following methods:
- Clicking on the network name. The Network details page is displayed. Under Security > Network Options, you have the option to hide the SSID for the network, by clicking the Hidden Network checkbox. To activate the network once again, unselect the Hidden Network checkbox.
- Hover the cursor over the network you want to deactivate temporarily, click the button, and select Deactivate from the drop-down list. To activate the network once again, follow the same procedure and select Activate from the drop-down list.
The Management Network cannot be deactivated.
Delete Network
Follow these steps to delete a network:
- Click the Instant On web application home page, or click Networks from the navigation pane on the left. tile on the
- Under Networks > Overview, use one of the following methods to view the network details:
- Click the Network name and follow Step 3.
- Hover the cursor over the network you want to delete, click the button, and select Delete from the drop-down list.
- Click the Delete button, next to Delete Network.
- Click Delete Network from the popup window.