Since every Service Zone has its own configuration profile and acts like a virtual gateway, administrators can customize or define their own portal pages utilized by users of that Service Zone.

The customizable pages of a Service Zone are divided into two parts: Login Page Customization and Message Page Customization. 

In Login Page Customization, administrators can modify the content within Service Disclaimer, General Login Page, Port Location Mapping Free Login, and Port Location Mapping Paid Access Login. 

In Message Page Customization, the Login Success Page, Login Succeeded Page. For On-Demand Users, Login Failed Page, Logout Page, Logout Succeeded Page, Logout Failed Page can be customized.

Please click here to know more details.

One Time Password (OTP) is an authentication mechanism that enables users to obtain a login password (PIN code) via SMS so they can enter this code on the login page to login for Internet access. OTP also allows hotspot venues to collect user information with the integrated questionnaire for security and marketing purposes. This guide describes how to configure OTP and demonstrates a sample OTP login flow. Click here to know more. 

This technical guide aims to explain the configuration flow for a powerful feature offered by Edgecore wireless controllers. From the Web Management Interface (WMI), administrators can easily upload their own images and HTML files for a personally branded login page. An HTML Sample File can be downloaded from the WMI for customization. In addition, controller also provides an instant preview of the currently configured Login Page. Click here to know how to configure the login page customization.

Social Media Authentication technical guide is aimed at explaining the practical setup flow of Social Media Authentication on the Controller. Using social media accounts for authentication has become an upcoming trend in public Wi-Fi networks. The Social Media Authentication feature on the Controller allows users to login with their existing social media accounts such as Facebook for Internet access without having to provide other credentials. With this technical guide, network administrators can easily setup and configure for Social Media Authentication on the Controller for providing free Wi-Fi service to users. Click here to know more!

With support for authentication, authorization, and accounting (AAA), the controller allows network administrators  to  effectively  manage  network  access,  control  network  usage  and  monitor  user activities. 
In this technical guide, the authentication flow on the controller is illustrated using a flowchart. With this flowchart, readers would be able to understand the order in which authentication methods are presented  on  the  controller, so they could better plan the authentication methods they'd like to leverage as well as better understand how they could troubleshoot if necessary. 
Furthermore, as will be seen from the flowchart, a variety of authentication methods are available on the controller for network access control, including web-based, 802.1X, WISPr and MAC authentication. How each authentication method works and where to configure its settings are also explained.   

Please click here to know more details.

This guide will provide the basic configurations to quickly set up your own managed network. The guide highlights the minimum steps required for a wired or wireless network in each of the EWS controller's  features; Service  Zones,  Authentication,  Page Customization and User Policy Management and AP Management. An introduction to Edgecore's Wide Area AP Management (WAPM) will include a comprehensive guideline to manage a remote Edgecore Access Point (AP) by establishing a CAPWAP Tunnel between the EWS and AP. Please click here to know more.

The article is aimed at explaining the setup of the High Availability (HA) functionality on the Controller. HA is a system or component that is continuously operational for a desirably long length of time. Edgecore's HA mechanism uses redundancy to achieve high availability with minimum impact during service transition. HA 1+1 can be configured to provide redundancy for one Controller. Once the HA links have been established, all system configurations, user databases, user online status, system resource status, managed AP profile are synchronized between the Active AC and the Standby AC. Furthermore, the Standby AC uses a HA link monitoring module to check the status of the Active ACs. During an event that an Active AC is not responding via the HA interface, this module will regard this AC as no longer providing service and take over network service. Please click here to know more.

Universal access method (UAM) has become a popular method for network service providers, particularly Wi-Fi service providers, to grant or deny access to more network resources to users connected to the wired or wireless networks they manage. UAM involves presenting a web page in a browser to the connected users, so that the users can login to access more network resources. 
UAM is also one of the authentication methods supported by the EWS  controller, besides other authentication methods such as 802.1X authentication and auto login by the controller based on the MAC addresses and/or IP addresses of the devices used. Furthermore, the EWS controller also supports customization to the behavior of UAM through a UAM filter and provides UAMD log. Please click here to know more.

Cross Gateway Roaming is a powerful feature on the Controller that allows an authenticated end user to roam seamlessly within a large network deployment where multiple WLAN controllers are in service at different locations. Note that "authenticated end user" here refers to an end user that has been authenticated by any of the internal/external authentication options on the Controller. 
Normally,  when  a  user  moves  from  an  edge  AP  managed  by  one  Controller  to  another  edge  AP managed by another Controller, the user would experience network disconnection and have to re-login. However, with Cross Gateway Roaming, the user can stay logged in to the network and continue to enjoy network access without interruption. 
Cross Gateway Roaming adopts a star topology that consists of one Master Node that sits at the center and multiple Slave Nodes that connect to it. One Master Node may connect with up to 15 Slave Nodes. A Controller can be in Master Mode or Slave Mode depending on its Cross Gateway Roaming settings. 
This technical guide aims to explain the setup flow of Cross Gateway Roaming on the Controller. Below are two exemplary network deployments that deploy Cross Gateway Roaming so that authenticated users could seamlessly roam within the larger network. Please Click here to know more.

Virtual private networks (VPNs) provide a way for secure connections to be established across the public network by tunneling the traffic. VPNs generally fall into two types — remote-access VPN and site-to-site VPN. Remote-access VPNs can be used to securely connect a host to a private network. For example, companies can allow staff to remotely access the file servers or other resources on the headquarters' intranet from an outside network using remote VPNs. With site-to-site VPNs, separate private networks could be joined for data sharing or other purposes. For example, private networks of different office branches of a company or even private networks of different companies can be joined.   
  • The Site-to-Site VPN feature on the controller is introduced, and guidance on how  to  build and configure an exemplary site-to-site VPN is provided through step-by-step explanations. Click here to know more details.
  • The Remote VPN feature on the controller is introduced, and guidance on how to setup and configure remote VPNs on the controller as well as on client devices is provided. Click here to know more details.

This technical guide provides information on where to find the log data, where to set up automatic notification, and how to view the logs for the EWS controller. 

There are multiple types of logs and reports in the Controller, as described in the following:
a.  CAPWAP Log
b.  Configuration Change Log 
c.  Local Monthly Usage 
d.  Local Web Log 
e.  Micros Opera Log 
f.  On-Demand Billing Report 
g.  RADIUS Server Log 
h.  SIP Call Usage Log 
i.  SMS API Log 
j.  System Log 
k.  UAMD Log 
l.  User Events 
For all the logs described above, “Notification” works as a central data processor to send log entries to configured external systems (including administrators’ email box, FTP servers, and SYSLOG servers) at certain timed intervals. Click here to know more details. 

MAC address-based access control grants or denies users' access to the network based on the MAC addresses of users' devices. On the controller, there are three types of MAC address-based access control available – MAC Authentication (by Service Zone), MAC Privilege List, and MAC Access Control List. 

In this guide, mechanisms of these different MAC address-based access control options are explained and a comparison between them is given. Possible scenarios for these MAC address-based access control options are also illustrated. Moreover, step-by-step configuration guides are provided to facilitate the configuration process. Click here to know more details. 

This article is aimed at explaining the practical setup flow of “User Bandwidth Throttling”, which is a new feature available in version 3.43 for all EWS series. The newly added feature allows network administrators to enforce double QoS policies on users, providing greater flexibility in traffic control especially for guest users. For all authentication options, especially Guest Authentication and Social Media Login for now, time-based bandwidth throttling feature as a part of the policy profile is the win-win solution for providing free Wi-Fi service in public areas. 

This technical guide should help network administrators to easily setup and configure bandwidth limitation for all users in the network. Click here to know how to setup the User Bandwidth Throttling. 



1. Set the Wired Network Discovery VLAN ID to 10. Wired Network Discovery VLAN ID is the management VLAN that AP will using to communicate with AC controller after success managed by AC controller.

 (When the value not set to zero, means enabled VLAN classification at ALL AP that using this profile)


2. Modify the VLAN at corresponding VAP that want to enabled (default VLAN is 1)


3. Then apply the profile to take effect the configuration. (Remember need configure corresponding VLAN at the switch first before apply the profile.)

How to configure the basic Captive Portal (Local Mode) on EWS4502?
Captive Portal Scenario

Setup Captive Portal
1. Enabled Captive Portal at Global Configuration.
System > Security > Captive Portal> Global Configuration

2. Set Verification Mode as Local at CP Configuration.
System > Security > Captive Portal> CP Configuration

3. Add user at Local User.
System > Security > Captive Portal> Local User

4. Add the VAP to Associated Interface at Interface Association page.
System > Security > Captive Portal> Interface Association