Skip to main content
Wi-Fi Secure for WAPs

This article will help you configure your WAPs (Generic WAP's) for Wi-Fi Secure SSID.

Nicole Lachowicz avatar
Written by Nicole Lachowicz
Updated over a month ago

How do I configure my WAPs to use essensys Wi-Fi Experience?

Set up your essensys SSID at a single site to ensure your Occupier's receive the best possible Digital experience and get the most out of your essensys Intelligence. Follow this process at more than 1 site & you will enhance your Intelligence & create your network of connected spaces.

The below process is generic, designed to cover general settings common to most Wi-Fi vendors, there may be additional adjustments required for specific makes and models of access points.

1. Configure the SSID

This step ensures all users connect to a unified network, allowing seamless roaming.

  • Access the WAP management dashboard (Meraki Dashboard or Cambium cnMaestro).

  • Locate the SSID setup section and create a new SSID named "Wi-Fi Secure".

  • Why? Standardized SSID names prevent frequent re-authentication across locations.

2. Set Security and Authentication

Enterprise security ensures only authorized users can access the network.

  • Select Enterprise (802.1X) as the security type.

  • Choose EAP authentication to support secure credential exchanges.

  • Encryption: WPA2-Enterprise is recommended for compatibility; WPA3 can be used for newer devices.

3. Add RADIUS Authentication

RADIUS servers handle authentication, ensuring secure user access.

  • Input the Primary & Secondary RADIUS Server IPs provided by essensys.

  • For authentication, use port 1812 and accounting port 1813.

  • Shared Secrets are used to encrypt communications between WAPs and the RADIUS servers, you should use the shared secrets provided, which should be unique per site.

  • NAS-ID: For each site you will be provided with a unique NAS-ID, this will be in the format of two numbers separated by a -

4. VLAN & IP Configuration

  • Client IP Assignment: Set to Bridged mode to rely on an external DHCP server.

  • VLAN Tagging: Enable and assign the correct VLAN ID for network segmentation.

  • Why? VLANs improve security by separating guest and internal traffic.

5. Configure Firewall & Traffic Policies

  • Enable Layer 2 LAN Isolation to prevent devices from communicating directly.

  • Disable Splash Page for seamless access.

Final Steps:

  • Ensure all configurations match company network policies.

  • Notify the internal team once the setup is complete.

  • Conduct a final validation test with multiple devices.

Did this answer your question?