Help needed setting the settings on my EnGenius EWS357AP

i could use some help with understanding an settings

an setting them on my EnGenius EWS357AP

specifically these things

1 .can i lower my signal coverage more or restrict it more to cover just my home

currently the ap is sitting the middle of my home with the transmit power for both 2.4 an 5ghz set at 11 that seems to be the lowest before auto id like to disable the 2.4 as i have nothing that needs

it an some gear seem to get interference from it , my previous unit power control had a high ,med, an low an low was just right an the wifi sig would completely drop out at 5ft outside my home

an just a bit spotty through out my home an the unit before was worse despite blasting signal through out the most of the neighborhood

2 . the EnGenius EWS357AP set to 11 is fine though out my home into all my rooms at -50dBm with channel ht set to 20mHz without issue besides the signal bleeding into the middle of the street in front of my home id like at min to taper back into my yard

would using the radius an band steering settings help with this issue an improve security
an if so how do i set them

e399e124eb358473f3f889087986e5da17d3d7bb_2_1080x6071080×607 99 KB

3. how do i correctly set the vlan an client isolation options per ssid , i try it an setting my own id numbers within the specified range for the vlan isolation for each ssid but the ssid an signal

70eb9a7a6c77f0f577a54d3513410967c8ff1be9_2_975x825975×825 51.9 KB

would not connect an devices that were connected would lose ther connection i clearly did wrong but what i dont know.

4. my EnGenius EWS357AP is mounted in the middle of the hall an the wall facing out towards the street is this somewhat why the signal bleeds to the middle of the street in front of my home

old coverage map

image1422×1949 198 KB

new coverage map

2b5c9b4d7009801c6714841dca2c5eb1d691b1111422×1949 161 KB

an if mounted in the middle of the hallway but on the ceiling
would that at a min taper it back into my yard

could you help me with all this with a step by step please

this is a great writeup.

so RSSI is what you should worry about more than signal level. If your ap is so loud you can hear it 3 states away… that’s fine… but you don’t want to talk to weak clients from your yard, or wherever, is the key thing. Having the AP have a little more tx power (when you dont have a mesh) also means that your network coverage is more immune to transient noise here and there, too

doing it the other way where the tx power is very limited is a good strategy when there is a dense mesh of access points so its not just loud people yelling at each other, but for your use case where you just want to limit what the APs responds to… RSSI setting alone is probably what you want.

for the vlan stuff you ideally would have separate IP subnets and separate ssids (wireless network names) for each client. You can do wpa enterprise and then each client has its own unique cryptography but most home stuff doesn’t even properly support wpa2/3 hybrid mode let alone enterprise stuff… so thats maybe not a good idea in this particular situation.

looks like you’ve got 2.4g disabled, that’s fine. I sometimes like to use 2.4g for legacy devices but you can setup the 2.4g devices on their own ssid too, and their own vlan, if you want… but probably not needed.

radius is for doing user auth for captive portal which is not secure in terms of keep-my-packets-away but is secure-ish in that unless you have a further password… you aren’t getting past the captive portal. I dont think radius and captive portal applies to your situation

well usually people don’t lower the transmit power on the access points, except for some mesh scenarios, they lower the threshold at which the access points respond to far-away clients. important difference there.

look up “cantenna” if you want to be horrified. if someone is fiddling around with your wifi you don’t need to lower the signal to be weak outside your back yard; a “cantenna” will fix them right up. same problem with rssi. I can setup my stuff a quarter mile away, point it at your house if I have line of sight, and your gear will think I’m Inside The House.

What is it you would like to do? have a different SSID and isolated network for each client?

yes to different SSID and isolated network for each client an maybe hide the ssid

one of my over-all reasons for wanting to control my signal an do these things

is wither it was interference an or someone trying to fuck with my signal or both on my older asus 1750ac wifi router i before i had the tp link archer unit blasted 5ghz threw half of my neighborhood

despite sucking in my home weird right ? not know much at the time an dipping my toe into the tech forums for info an advice i wound up dealing with the issue by lowering its tx power an also

ripping off the middle antenna an replacing the others with lower range one’s which barely helped the unit an issues became so problematic i dumped for the tp link which honestly served

me far better but still had issues hence after watch your vids on the EnGenuis AP an gear i went for that an its been a night an day diff , but thers still stuff i want to know an shore up thus all the tech advice questions.

fyi since switching to the EnGenuis AP 2 noticeable diff’s 1. the tp seemed to conk-out when running more then two 5ghz devices at once when under any mild load so i usually ran just

two instead of my 5 wifi devices.

2. aside from successfully having 6 different ssid’s setup (5 primary 1 guest)

the five are in near constant use at the same time daily with 3 of the 5 primary under decent or mild load any nothing has dropped or conked , so thanks

ps what i asked about in regards to the switch question

for a proper poe switch upgrade for my needs
is the the EnGenius Cloud ECS1112FP 8-Port Gigabit PoE+ Switch a good pick for my needs.

my total network gear that needs wired an wireless is as followed

9 x wired devices

2 x pc’s (1 on current switch)

2 x nas (1 to be on switch the other can stay directly on fwg router both are/will be on 20ft cat7 in seperate room)

1 x printer (can stay directly on fwg router)

1 x nvidia shield (on current switch)

1 x voip lan phone (on current switch)

1 x REOLINK 36 Channel Network Video Recorder RLN36 (to be on switch)

1 x nas (to be on switch dedicated for REOLINK)

1 x poe wifi ap (on current switch)

5 x wifi devices vi ap

2 x laptops (1 with 6ghz ax option if AP can do it)

2 x tablets (both vi 5ghz)

1 x smart phone (vi 5ghz)

no 2.4ghz gear at all

currently 1 pc & 1 nas an the cam system are not connected as i have no room for them.

my current config is
the EnGenius EWS357AP on my Aumox 5 Port Gigabit PoE Switch, 4 Port PoE 78W (SG305P5 )
with its auto vlan option enabled & paired with my fwg router

the nas, printer, an switch connect occupy the three available ports on the FWG router

the phone , 1 x pc , shield , an AP occupy the four available ports on the switch

id like to have all my wired gear thats not directly on my FWG router

run off a switch with vlan&poe capability that can handle my stated needs

an the best AP for my WIFI stuff connected the switch

an id like advice on a step by step to config all gear on switch an AP to have vlans enabled

for the REOLINK 36 Channel Network Video Recorder RLN36 & its dedicated nas to be isolated

from the rest of the network preferably have the reo system an its nas talk to just 1 tablet.

fyi then reason i dont want to use the reo’s internal drives but record to a nas is both
nas’s are in a separate room from the reo an the rest of network hub gear is in another

this is for 2 reasons

1 the wiring layout of my home an were the exterior cable access is for the cams

2. for security the man network hub is in the main pc room in a closet behind a false wall while
   the reo is in another closet closest to the exterior of the home for cam cable access.

   i live in a rental home with limited modding option so running conduit is
   limited for me ie no more then i have.