This guide will provide the basic configurations to quickly set up your own managed network. The guide highlights the minimum steps required for a wired or wireless network in each of the EWS controller's  features; Service  Zones,  Authentication,  Page Customization and User Policy Management and AP Management. An introduction to Edgecore's Wide Area AP Management (WAPM) will include a comprehensive guideline to manage a remote Edgecore Access Point (AP) by establishing a CAPWAP Tunnel between the EWS and AP. Please click here to know more.

The article is aimed at explaining the setup of the High Availability (HA) functionality on the Controller. HA is a system or component that is continuously operational for a desirably long length of time. Edgecore's HA mechanism uses redundancy to achieve high availability with minimum impact during service transition. HA 1+1 can be configured to provide redundancy for one Controller. Once the HA links have been established, all system configurations, user databases, user online status, system resource status, managed AP profile are synchronized between the Active AC and the Standby AC. Furthermore, the Standby AC uses a HA link monitoring module to check the status of the Active ACs. During an event that an Active AC is not responding via the HA interface, this module will regard this AC as no longer providing service and take over network service. Please click here to know more.

Universal access method (UAM) has become a popular method for network service providers, particularly Wi-Fi service providers, to grant or deny access to more network resources to users connected to the wired or wireless networks they manage. UAM involves presenting a web page in a browser to the connected users, so that the users can login to access more network resources. 
UAM is also one of the authentication methods supported by the EWS  controller, besides other authentication methods such as 802.1X authentication and auto login by the controller based on the MAC addresses and/or IP addresses of the devices used. Furthermore, the EWS controller also supports customization to the behavior of UAM through a UAM filter and provides UAMD log. Please click here to know more.

Cross Gateway Roaming is a powerful feature on the Controller that allows an authenticated end user to roam seamlessly within a large network deployment where multiple WLAN controllers are in service at different locations. Note that "authenticated end user" here refers to an end user that has been authenticated by any of the internal/external authentication options on the Controller. 
Normally,  when  a  user  moves  from  an  edge  AP  managed  by  one  Controller  to  another  edge  AP managed by another Controller, the user would experience network disconnection and have to re-login. However, with Cross Gateway Roaming, the user can stay logged in to the network and continue to enjoy network access without interruption. 
Cross Gateway Roaming adopts a star topology that consists of one Master Node that sits at the center and multiple Slave Nodes that connect to it. One Master Node may connect with up to 15 Slave Nodes. A Controller can be in Master Mode or Slave Mode depending on its Cross Gateway Roaming settings. 
This technical guide aims to explain the setup flow of Cross Gateway Roaming on the Controller. Below are two exemplary network deployments that deploy Cross Gateway Roaming so that authenticated users could seamlessly roam within the larger network. Please Click here to know more.

With support for authentication, authorization, and accounting (AAA), the controller allows network administrators  to  effectively  manage  network  access,  control  network  usage  and  monitor  user activities. 
In this technical guide, the authentication flow on the controller is illustrated using a flowchart. With this flowchart, readers would be able to understand the order in which authentication methods are presented  on  the  controller, so they could better plan the authentication methods they'd like to leverage as well as better understand how they could troubleshoot if necessary. 
Furthermore, as will be seen from the flowchart, a variety of authentication methods are available on the controller for network access control, including web-based, 802.1X, WISPr and MAC authentication. How each authentication method works and where to configure its settings are also explained.   

Please click here to know more details.

Virtual private networks (VPNs) provide a way for secure connections to be established across the public network by tunneling the traffic. VPNs generally fall into two types — remote-access VPN and site-to-site VPN. Remote-access VPNs can be used to securely connect a host to a private network. For example, companies can allow staff to remotely access the file servers or other resources on the headquarters' intranet from an outside network using remote VPNs. With site-to-site VPNs, separate private networks could be joined for data sharing or other purposes. For example, private networks of different office branches of a company or even private networks of different companies can be joined.   
  • The Site-to-Site VPN feature on the controller is introduced, and guidance on how  to  build and configure an exemplary site-to-site VPN is provided through step-by-step explanations. Click here to know more details.
  • The Remote VPN feature on the controller is introduced, and guidance on how to setup and configure remote VPNs on the controller as well as on client devices is provided. Click here to know more details.

This technical guide provides information on where to find the log data, where to set up automatic notification, and how to view the logs for the EWS controller. 

There are multiple types of logs and reports in the Controller, as described in the following:
a.  CAPWAP Log
b.  Configuration Change Log 
c.  Local Monthly Usage 
d.  Local Web Log 
e.  Micros Opera Log 
f.  On-Demand Billing Report 
g.  RADIUS Server Log 
h.  SIP Call Usage Log 
i.  SMS API Log 
j.  System Log 
k.  UAMD Log 
l.  User Events 
For all the logs described above, “Notification” works as a central data processor to send log entries to configured external systems (including administrators’ email box, FTP servers, and SYSLOG servers) at certain timed intervals. Click here to know more details. 

MAC address-based access control grants or denies users' access to the network based on the MAC addresses of users' devices. On the controller, there are three types of MAC address-based access control available – MAC Authentication (by Service Zone), MAC Privilege List, and MAC Access Control List. 

In this guide, mechanisms of these different MAC address-based access control options are explained and a comparison between them is given. Possible scenarios for these MAC address-based access control options are also illustrated. Moreover, step-by-step configuration guides are provided to facilitate the configuration process. Click here to know more details. 

This article is aimed at explaining the practical setup flow of “User Bandwidth Throttling”, which is a new feature available in version 3.43 for all EWS series. The newly added feature allows network administrators to enforce double QoS policies on users, providing greater flexibility in traffic control especially for guest users. For all authentication options, especially Guest Authentication and Social Media Login for now, time-based bandwidth throttling feature as a part of the policy profile is the win-win solution for providing free Wi-Fi service in public areas. 

This technical guide should help network administrators to easily setup and configure bandwidth limitation for all users in the network. Click here to know how to setup the User Bandwidth Throttling. 

This technical guide is written for network managers who would like to integrate on-demand authentication on Controller with third-party property management systems (PMS) such as Micros Opera. 

For PMS other than Micros Opera, a table of attributes is provided in this guide for system integrators to achieve integration with the Controller. Implementation examples are also given to help system integrators plan and carry out integration. 

With such integration, the following can be achieved 
1. Check-in information entered into the PMS by the hotel receptionist can be used as Wi-Fi login credentials 
2.  Data usage of each logged-in guest can be monitored and managed from the Controller 
3.  The Controller can send billing plan rate the user chose to the PMS as part of the check-out information 
After reading this document, the reader should have a clear understanding of how user data from existing PMS can be used in authenticated Wi-Fi services and how to pragmatically set up the integration on the Controller. Click here to know more details for Third Party PMS Intergration.

Edgecore Gateway Controller series support SMS Gateway integration. The On-Demand account credentials can be sent to the users by SMS text messages. This technical document provides detailed configuration steps for integrating SMS services to SMS Gateway. Clink here to find more details for SMS Gateway integration setting.
This technical guide aims to explain the configuration flow for a powerful feature offered by Edgecore wireless controllers. From the Web Management Interface (WMI), administrators can easily upload their own images and HTML files for a personally branded login page. An HTML Sample File can be downloaded from the WMI for customization. In addition, controller also provides an instant preview of the currently configured Login Page. Clink here to know how to configure the login page customization.

User Policy, can be applied to network users to govern their network usage. User Policy consists of four parts – Firewall, Privilege, QoS and Specific Routes, each of which has multiple profiles available for setup, and a particular User Policy would take one profile from each of Firewall, Privilege, QoS and Specific Routes, as defined by the administrator. Click here to know how to configure the user policies!

Social Media Authentication technical guide is aimed at explaining the practical setup flow of Social Media Authentication on the Controller. Using social media accounts for authentication has become an upcoming trend in public Wi-Fi networks.  The  Social  Media  Authentication  feature  on  the  Controller  allows  users  to  login  with  their existing  social  media  accounts  such  as  Facebook  for  Internet  access  without  having  to  provide  other credentials. With  this  technical  guide,  network  administrators  can  easily  setup  and  configure  for  Social  Media Authentication on the Controller for providing free Wi-Fi service to users. Click here to know more!
This guide explains the setup of Edgecore Wireless Controller to act as a RADIUS server for different applications. In this guide, two scenarios will be illustrated: 

1. Using the Wireless Controller as an external RADIUS server (Local and/or On-Demand databases) for a remote gateway 

2. Using the Wireless Controller as a RADIUS server in 802.1X authentication (transparent login)

Note that for the first scenario, the remote gateway can be an Edgecore Wireless Controller or a third-party controller, and multiple remote gateways can be setup. Detailed configuration are shown in the following chapters.   

This technical guide provides the administrator with instructions on how to setup the scenarios above for different applications. Verification from the client side is also shown in the end of the document. Click here to download the Technical Guide!


How to identify what kind of ''Failure Message''on Configuration Status of ECW7220-L/EWS4502 series and solve it, specific for country code?


1. After the AP managed by AC, but the configuration status still displayed 'Failure'.

System > WLAN > WLAN Configuration > Managed AP > Status > Summary

2. Users can check the reason of failure on the 'Detail!? page, the error is the setting about Country Code.

System > WLAN > WLAN Configuration > Managed AP > Status > Detail


3. Please changes to the correct country code.

System > WLAN > WLAN Configuration > Global > WLAN Switch


Check the country code of ECW7220-L.

Manage > Wireless Settings

*By default, if ECW7220-L has been managed by EWS4502 then web management interface will be disabling.

User may use following command to enable/disable the web interface via CLI.

ECW7220-L-7fa540# set web-server http-status up/down


4. After we change the correct country code, then the configuration will be provision to the AP successfully.

System > WLAN > WLAN Configuration > Managed AP > Status > Summary




1. Set the Wired Network Discovery VLAN ID to 10. Wired Network Discovery VLAN ID is the management VLAN that AP will using to communicate with AC controller after success managed by AC controller.

 (When the value not set to zero, means enabled VLAN classification at ALL AP that using this profile)


2. Modify the VLAN at corresponding VAP that want to enabled (default VLAN is 1)


3. Then apply the profile to take effect the configuration. (Remember need configure corresponding VLAN at the switch first before apply the profile.)

How to configure the AC cluster of EWS4502?
The EWS4502 with highest priority in the same cluster becomes the Cluster Controller.
If the priority is the same, the switch with lowest IP address will be the Cluster Controller.
And the highest cluster priority is 255.
AC cluster Scenario

How to configure the cluster priorty
Manage Page: System > WLAN > WLAN Configuration > Global
1. Configure the cluster priority of EWS4502-1 to 255.
*The highest cluster priority is 255, thus EWS4502-1 will become the Cluster Controller.

2. Configure the cluster priority of EWS4502-2 to 1.

How to check and ensure the cluster priority applied  
Manage Page: System > WLAN > Status/Statistics > Peer Switch
Users can know which AC is the current cluster controller and which AC will manage AP.
1. Peer switch status of Cluster Controller EWS4502-1