Employee Network

An Employee network is a classic Wi-Fi network. This network type is used by the employees in an organization and it supports passphrase-based (PSK) or 802.1X-based authentication methods. Employees may access the protected data through the employee network after successful authentication. The employee network is selected by default during a network profile configuration.

 

The very first employee network you create for the site cannot be deleted unless you choose to delete the site entirely from your account.

To configure an employee network:

  1. Tap Active Networks tile on the Instant On mobile app home page.
  2. Tap Add () and select the Wireless tab as the Network type. This tab appears only when your site has both wired and wireless networks.
  3. Select Employee, under Usage to indicate that the network is for an enterprise.
  4. Under Identification, enter a Name for the employee network. This will also be broadcasted as the SSID for the WLAN network.
  5. Under Security, select one of the following Network Security options:
    1. WPA2 Personal—Uses PSK password authentication. WPA2 Personal is enabled by default.
    2. WPA2 + WPA3 Personal—Uses PSK password authentication. Select WPA2 + WPA3 Personal to enable this option.
    3. WPA2 Enterprise—Uses Radius authentication. Select the WPA2 Enterprise radio button to select this option.
    4. WPA2 + WPA3 Enterprise—Uses Radius authentication. Select the WPA2 + WPA3 Enterprise radio button to select this option.
  6. Selecting the WPA2 Enterprise or WPA2 + WPA3 Enterprise options, displays the RADIUS Server configuration and Network Access Attributes options. This enables you to secure the network using a higher encryption RADIUS authentication server. Configure the following settings:

    You must configure the RADIUS server to allow APs individually or set a rule to allow the entire subnet.

    • Enter the RADIUS server IP address or domain name.
    • Enter the Shared Secret.
  7. Click More RADIUS parameters and configure the following settings:
    • RADIUS Accounting—Slide the toggle switch to send RADIUS accounting messages.
    • Primary RADIUS Server—Configure the following parameters for the Primary RADIUS Server.
      • Server IP Address or Domain Name—Enter the IP address or fully qualified domain name of the RADIUS server.
      • Shared Secret—Enter a shared key for communicating with the external RADIUS server.
      • Server Timeout—Specify a timeout value in seconds. The value determines the timeout for a RADIUS request. The Instant On AP attempts to send the request several times (as configured in the Retry count) before the user gets disconnected. For example, if the Timeout is 5 seconds, Retry counter is 3, user is disconnected after 20 seconds. The default value is 5 seconds.
      • Retry Count—Specify a number between 1 and 5. Retry count indicates the maximum number of authentication requests that are sent to the server group, and the default value is 3 requests.
      • Authentication Port—Enter the authentication port number of the external RADIUS server within the range of 1–65535. The default port number is 1812.
    • Secondary RADIUS Server—Slide the toggle switch to configure a secondary RADIUS server.
      • Server IP Address or Domain Name—Enter the IP address or fully qualified domain name of the secondary RADIUS server.
      • Shared Secret—Enter a shared key for communicating with the secondary RADIUS server.
      • Server Timeout—Specify a timeout value in seconds. The value determines the timeout for a secondary RADIUS request. The Instant On AP attempts to send the request several times (as configured in the Retry count) before the user gets disconnected. For example, if the Timeout is 5 seconds, Retry counter is 3, user is disconnected after 20 seconds. The default value is 5 seconds.
      • Retry Count—Specify a number between 1 and 5. Retry count indicates the maximum number of authentication requests that are sent to the server group, and the default value is 3 requests.
      • Authentication port—Enter the authentication port number of the secondary RADIUS server within the range of 1–65535. The default port number is 1812.
  8. Under Network Access Attributes, configure the following settings if you wish to proxy all RADIUS requests from the Instant On AP to the client.
    • NAS identifier—Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
    • NAS IP address—Select one of the following options if your Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks. This option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In which case each AP in the network will send RADIUS requests to the server with a matching Source IP address and NAS IP address.
      • Use device IP (default)—This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.
      • Use a single IP—The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the NAS IP address for the site.
  9. Tap close () to return to the employee details page.

After you configure an Employee network and save its settings for the first time, a toggle switch appears in the Employee Details page indicating the network is currently Active (). Use this switch to enable or disable the employee network.

Modifying the Employee Network Name and Password

To modify the network name or password of the employee network in the Instant On mobile app, follow these steps:

  1. Tap Active Networks on the Instant On home screen. The Networks screen is displayed.
  2. Select the employee network from the Networks list to view the Employee Details screen.
  3. Under Identification, enter a new name under Network name to change the main network name or a new password under Network password to change the main network password. A warning message appears, indicating that changes to the network settings will disconnect all clients currently accessing the network.
  4. Tap DONE to save the settings.

More Options

The More options drop-down in the Instant On mobile app allows you to configure following settings for clients on employee networks: