How do I configure my WAPs to use essensys Wi-Fi Experience?
Set up your essensys SSID at a single site to ensure your Occupier's receive the best possible Digital experience and get the most out of your essensys Intelligence. Follow this process at more than 1 site & you will enhance your Intelligence & create your network of connected spaces.
The below process is generic, designed to cover general settings common to most Wi-Fi vendors, there may be additional adjustments required for specific makes and models of access points.
1. Configure the SSID
This step ensures all users connect to a unified network, allowing seamless roaming.
Access the WAP management dashboard (Meraki Dashboard or Cambium cnMaestro).
Locate the SSID setup section and create a new SSID named "Wi-Fi Secure".
Why? Standardized SSID names prevent frequent re-authentication across locations.
2. Set Security and Authentication
Enterprise security ensures only authorized users can access the network.
Select Enterprise (802.1X) as the security type.
Choose EAP authentication to support secure credential exchanges.
Encryption: WPA2-Enterprise is recommended for compatibility; WPA3 can be used for newer devices.
3. Add RADIUS Authentication
RADIUS servers handle authentication, ensuring secure user access.
Input the Primary & Secondary RADIUS Server IPs provided by essensys.
For authentication, use port 1812 and accounting port 1813.
Shared Secrets are used to encrypt communications between WAPs and the RADIUS servers, you should use the shared secrets provided, which should be unique per site.
NAS-ID: For each site you will be provided with a unique NAS-ID, this will be in the format of two numbers separated by a -
4. VLAN & IP Configuration
Client IP Assignment: Set to Bridged mode to rely on an external DHCP server.
VLAN Tagging: Enable and assign the correct VLAN ID for network segmentation.
Why? VLANs improve security by separating guest and internal traffic.
5. Configure Firewall & Traffic Policies
Enable Layer 2 LAN Isolation to prevent devices from communicating directly.
Disable Splash Page for seamless access.
Final Steps:
Ensure all configurations match company network policies.
Notify the internal team once the setup is complete.
Conduct a final validation test with multiple devices.