Linksys Cloud Manager 2.0 – Getting Started Guide
Getting Started with Linksys Cloud Manager 2.0
Congratulations on purchasing your Linksys Cloud Managed device! Before you get started, you will need to do a few things:
2. Create a cloud account at https://cloudmanager.linksys.com. It is completely free to sign up.
If you are an existing Linksys Cloud Manager 1.0 user, go to our Linksys Cloud Manager 1.0 to 2.0 Migration Guide.
The first thing you need to do before you start adding and configuring devices is to create an organization. This typically is your company name or your customer name. The Linksys Cloud Manager 2.0 allows you to create an unlimited number of organizations so you can segment your network configurations however you choose. This allows you to conveniently manage multiple organizations from a single account. This will also allow you to add and remove members that have access to the entire organization or to specific networks only.
Here is a table that illustrates what roles and permissions are allowed:
|Owner||Complete control over settings. Includes the ability to delete networks and organizations you own.||YES||YES||YES|
|Administrator||Complete control over settings. Includes the ability to delete networks but does not include the ability to delete the organization. You may leave an organization if desired.||NO||YES||YES|
|Manager||Complete control over settings in a specific network. No ability to delete networks or organizations. You may leave a network if desired.||NO||NO||YES|
|Viewer||No control over settings in the network. Viewing rights only. No ability to delete networks or organizations. You may leave a network if desired.||NO||NO||NO|
Under a specific network, you may add a manager or a viewer by clicking in the upper right-hand corner. Managers will be allowed to make changes to the network settings while viewers can only view the settings. Neither is allowed to delete an organization or a network, although they may leave the network if desired. This is a good way to share different levels of access with other users.
Now that you have created an organization, you are ready to create your networks. A network is typically a network location or a group of network devices that share the same configuration settings. As with organizations, you also have the ability to create an unlimited number of networks within an organization.
Remember when we asked you to document the serial number and the MAC address from your devices? This is where you will need it. Under Access Points, click and then enter the serial number and the MAC address of the device.
If this matches our database, you will see the device information displayed and you will be able to add the device to your network. You will also see whether the device is online or offline. If the device is able to receive a DHCP IP address from your internet router, then it should show that it is online. Any configuration changes made while a device is online will take effect immediately. The Linksys Cloud Manager also supports Zero Touch Provisioning. That means you can start managing the device and configuring the settings even if the device is offline. Once the device is online, it will automatically download its latest configuration from the cloud. This allows you to set up as many devices as you want beforehand, saving time, so you only need to physically install the devices onsite.
Creating Wireless SSIDs
How many wireless SSIDs can I create?
Captive Portal with fully customizable Splash Page
Bandwidth Limit per SSID or Client
DHCP/NAT per SSID
Custom DNS Setting
VLAN Tagging per SSID
Wireless Client Isolation
Max Concurrent Clients
Client Roaming (802.11k, 802.11r, 802.11v)
By default, any wireless SSID created will be broadcasted on all access points in the network; before clicking , you may change this by clicking on Change under Broadcast and de-selecting the access points you wish to exclude.
The Linksys Cloud Manager supports up to eight wireless SSIDs per access point. Each wireless SSID can be broadcasted on either the 2.4 GHz radio, the 5 GHz radio, or both. Regardless of this choice, that wireless SSID will take up one of eight slots in the access point. You may check an individual access point’s slots by clicking on the access point and going to the Wireless SSID Slots page.
Disabled by default
Enabling this feature on a wireless SSID will turn on NAT mode and create a local 10.x.0.0/16 network for any Wi-Fi clients connected (where x is 1-8 depending on the wireless SSID slot used). Wi-Fi clients will receive a random 10.x.0.2 to 10.x.255.254 IP address instead of receiving a LAN IP address directly from the internet router. To the internet router, all traffic from this wireless SSID will be seen as coming from 10.x.0.1. Be aware that this creates a double NAT scenario that may interfere with some applications like online gaming and VPN.
Wireless SSID Slot 1
IP Range: 10.1.0.2 to 10.1.255.254
DNS: Automatic from Internet Gateway
We also recommend that you enable Isolate Clients from wired LAN to prevent any traffic not bound to or from the internet gateway. This will increase security and prevent unnecessary traffic to the rest of the wired local area network. If you have a shared network resource like a printer connected to the wired LAN, you can disable this feature to allow the clients on this SSID to reach that device on the wired LAN beyond the access point.
Disabled by default
With DHCP/NAT mode enabled, you can also set a specific DNS server that you want Wi-Fi clients in that SSID to use. You can point to a DNS server that is different from your internet service provider if you prefer or use a third-party DNS service that has more security features like content or DNS filtering.
Disabled by default
Disabled by default; recommendation: Enable
Any Wi-Fi clients connected to a specific wireless SSID name will be in the same network and will be able to communicate with each other. This means a legacy printer connected to the 2.4 GHz radio may still communicate with a laptop computer on the 5 GHz radio as long as they are both connected to the same wireless SSID name. You may prevent all communication within the same wireless SSID by enabling Client Isolation so that clients can only communicate with the gateway out to the internet. We recommend enabling this whenever possible, especially for a guest network, to add an extra layer of security between Wi-Fi clients.
For wireless networks that need local access between wireless printers or other shared resources, we recommend disabling this feature. For IoT devices that do not need local access, communicating directly with the cloud only, we recommend making a separate wireless SSID with authentication for those devices and enabling the Client Isolation feature. The more you can segment your network into different groups (up to eight SSIDs), the more secure your network will be overall in case of a cyber security breach.
Disabled by default
This feature allows you to set a maximum number of clients that can connect to the SSID. If you want to prevent overuse and you have an idea of how many trusted clients will be connecting to the SSID, then enabling this will help prevent over subscription. If you have many access points in an environment with overlapping wireless coverage, this feature will also help maintain client load on each access point to make sure one specific access point is not overloaded with client connections.
Disabled by default; recommendation: Enable
For the best access point-to-access point client roaming experience, we recommend enabling 802.11k/r/v/u for all wireless SSIDs. You can find settings under SSIDs > Settings > Advanced. Here is a brief explanation for each protocol:
- 802.11k Radio Resource Management – Helps devices search quickly for nearby access points that are available as roaming targets by creating an optimized list of channels. When the signal strength of the current access point weakens, your device will scan for target access points from the list.
- 802.11r Fast Roaming – When your devices roam from one access point to another on the same network, 802.11r uses a feature called Fast Basic Service Set Transition to authenticate more quickly. Works with both pre-shared key and 802.1x authentication methods.
- 802.11v Wireless Network Management – Allows the network’s control layer to influence client roaming behavior by providing it the load information of nearby access points.
Access Point Specific Settings
Checking SSID Slots
Time Zone Settings
Local Access Credentials and Local Web Access
Access Point LED Light
There are settings that can be configured on an individual access point level after clicking on the specific access point. In this section, we will talk about each one and what they can do.
Click on Details to see the firmware version.
Here you can click on Check for Updates to upgrade to the latest firmware version. If you run into any issues, try rebooting the device first before upgrading.
Also, under Details, you can add a location for your device. This will help visualize your access points on a map if you have multiple locations deployed.
Click Edit, and enter the location into the search box.
The map should autocomplete the location details. Click on the autocomplete field to automatically fill in the location and then click Save.
Here you can click on Edit to change your IP address settings. We recommend that you configure your DHCP Server with IP to MAC address mappings so your access points can consistently get the same IP address from one central place. If that isn’t an option, then you can manually set them here. You can also configure VLAN tagging here if you have a management VLAN that you are using to separate management traffic from local traffic.
For time zone settings, we recommend setting this under Network-wide Configuration under Settings. This will apply the setting to all access points in your network instead of applying it here to only a specific access point.
For these management interfaces, we recommend setting this under Network-wide Configuration under Settings. This will apply the setting to all access points in your network instead of applying it here to only a specific access point.
Local Access Credentials should be changed to overwrite the default password. Local Web Access allows you to log into the local web interface of the access point for troubleshooting TCP/IP settings. We recommend disabling this once you are comfortable with managing the access points from the cloud.
Under the More section, you can go to Scheduled reboot to set a schedule for when you want the device to reboot itself. We don’t recommend using this feature unless absolutely necessary. You can also set a schedule under the Network-wide Settings if you want the schedule to apply to all access points in your network.