text.skipToContent text.skipToNavigation

Linksys Cloud Manager 2.0 – Getting Started Guide

Getting Started with Linksys Cloud Manager 2.0

Congratulations on purchasing your Linksys Cloud Managed device!  Before you get started, you will need to do a few things:

1.  Document any serial numbers and MAC addresses from your devices.  You will need this information to add the device to your account.  We require both the serial number and the MAC address of the device as a security measure to ensure you own the device that you are trying to add.  You can find this information on the bottom of your device or on the product label on the box.

2.  Create a cloud account at https://cloudmanager.linksys.com.  It is completely free to sign up.

If you are an existing Linksys Cloud Manager 1.0 user, go to our Linksys Cloud Manager 1.0 to 2.0 Migration Guide.
 

Create an Organization
Create Networks
Add Devices to Your Network
Creating Wireless SSIDs
Access Point Specific Settings

Create an Organization


The first thing you need to do before you start adding and configuring devices is to create an organization.  This typically is your company name or your customer name.  The Linksys Cloud Manager 2.0 allows you to create an unlimited number of organizations so you can segment your network configurations however you choose.  This allows you to conveniently manage multiple organizations from a single account.  This will also allow you to add and remove members that have access to the entire organization or to specific networks only.
 

What can members have access to?


Here is a table that illustrates what roles and permissions are allowed:
 
Under
Organizations
Role
Permissions
Delete
Organization
Delete
Network
Change
Settings
OwnerComplete control over settings.  Includes the ability to delete networks and organizations you own.YESYESYES
AdministratorComplete control over settings.  Includes the ability to delete networks but does not include the ability to delete the organization.  You may leave an organization if desired.NOYESYES
 
You can add and remove members at the organization level by going to Account Settings > Team Members.  There can only be one owner;  the person who created the organization.  Any other members added will become administrators.  If you are the owner, you can transfer ownership to another administrator.  They will become the new owner, and this will downgrade your role from owner to administrator.
 
Under
Networks
Role
Permissions
Delete
Organization
Delete
Network
Change
Settings
ManagerComplete control over settings in a specific network.  No ability to delete networks or organizations.  You may leave a network if desired.NONOYES
ViewerNo control over settings in the network.  Viewing rights only.  No ability to delete networks or organizations.  You may leave a network if desired.NONONO

Under a specific network, you may add a manager or a viewer by clicking User-added image in the upper right-hand corner.  Managers will be allowed to make changes to the network settings while viewers can only view the settings.  Neither is allowed to delete an organization or a network, although they may leave the network if desired.  This is a good way to share different levels of access with other users.
 

Create Networks


Now that you have created an organization, you are ready to create your networks.  A network is typically a network location or a group of network devices that share the same configuration settings.  As with organizations, you also have the ability to create an unlimited number of networks within an organization.
 

Add Devices to Your Network


User-added image


Remember when we asked you to document the serial number and the MAC address from your devices?  This is where you will need it.  Under Access Points, click User-added image and then enter the serial number and the MAC address of the device.
 

User-added image

 

If this matches our database, you will see the device information displayed and you will be able to add the device to your network.  You will also see whether the device is online or offline.  If the device is able to receive a DHCP IP address from your internet router, then it should show that it is online.  Any configuration changes made while a device is online will take effect immediately.  The Linksys Cloud Manager also supports Zero Touch Provisioning.  That means you can start managing the device and configuring the settings even if the device is offline.  Once the device is online, it will automatically download its latest configuration from the cloud.  This allows you to set up as many devices as you want beforehand, saving time, so you only need to physically install the devices onsite.
 

Creating Wireless SSIDs

How many wireless SSIDs can I create?
Captive Portal with fully customizable Splash Page
Bandwidth Limit per SSID or Client
DHCP/NAT per SSID
Custom DNS Setting
VLAN Tagging per SSID
Wireless Client Isolation
Max Concurrent Clients
Client Roaming (802.11k, 802.11r, 802.11v)


User-added image
 
Now that you have added your access points, it is time to create your wireless networks.  Under SSIDs, click User-added image to configure a wireless network name and authentication method.  We highly recommend using WPA2™ or WPA2 Enterprise Authentication, even for public Wi-Fi.  Disabling the Authentication setting leaves the Wi-Fi network completely open and unencrypted, making it easier for anyone to sniff the wireless packets from the air.  This leaves your Wi-Fi network and your Wi-Fi clients at risk of cyber threats.

By default, any wireless SSID created will be broadcasted on all access points in the network; before clicking User-added image, you may change this by clicking on Change under Broadcast and de-selecting the access points you wish to exclude.

 

How many wireless SSIDs can I create?


The Linksys Cloud Manager supports up to eight wireless SSIDs per access point.  Each wireless SSID can be broadcasted on either the 2.4 GHz radio, the 5 GHz radio, or both.  Regardless of this choice, that wireless SSID will take up one of eight slots in the access point.  You may check an individual access point’s slots by clicking on the access point and going to the Wireless SSID Slots page.
 

Captive Portal with fully customizable Splash Page


User-added image

For businesses or homes that want to create a guest network that requires an additional password login or a Terms of Use Policy agreement, you can enable the Splash Page feature.  This can be found under SSIDs > Settings.  We included a free cloud-hosted splash page editor where you can fully customize your own splash page.  Check out the in-depth guide here.  Otherwise, you can use your own custom captive portal URL by selecting External Captive Portal.

We highly recommend using the Client Session Timeout setting to make sure guest clients are automatically kicked after some time.  They will be required to either enter the password again or agree to the Terms of Use Policy again.  This will prevent users from staying on the network to download files or use up bandwidth for a long period of time.

 

Bandwidth Limit per SSID or Client

Disabled by default; recommendation:  Enable
 
User-added image
 
You can easily limit the bandwidth per wireless SSID and/or per wireless client.  You can use the slider to apply the upload/download bandwidth together or separately specify the upload and download limits in kbps.  We recommend applying a bandwidth limit for the entire SSID and then applying a bandwidth limit per client to ensure a single client cannot consume all the bandwidth in your Wi-Fi network.
 

DHCP/NAT per SSID


Disabled by default
 

User-added image

Enabling this feature on a wireless SSID will turn on NAT mode and create a local 10.x.0.0/16 network for any Wi-Fi clients connected (where x is 1-8 depending on the wireless SSID slot used).  Wi-Fi clients will receive a random 10.x.0.2 to 10.x.255.254 IP address instead of receiving a LAN IP address directly from the internet router.  To the internet router, all traffic from this wireless SSID will be seen as coming from 10.x.0.1.  Be aware that this creates a double NAT scenario that may interfere with some applications like online gaming and VPN.
 
Example:

Wireless SSID Slot 1
IP Range:  10.1.0.2 to 10.1.255.254
Gateway:  10.1.0.1
DNS:  Automatic from Internet Gateway

We also recommend that you enable Isolate Clients from wired LAN to prevent any traffic not bound to or from the internet gateway.  This will increase security and prevent unnecessary traffic to the rest of the wired local area network.  If you have a shared network resource like a printer connected to the wired LAN, you can disable this feature to allow the clients on this SSID to reach that device on the wired LAN beyond the access point.
 

Custom DNS Setting


Disabled by default

With DHCP/NAT mode enabled, you can also set a specific DNS server that you want Wi-Fi clients in that SSID to use.  You can point to a DNS server that is different from your internet service provider if you prefer or use a third-party DNS service that has more security features like content or DNS filtering.

 

VLAN Tagging per SSID


Disabled by default
 
User-added image
 
Enable this feature if you have a VLAN-aware switch or router directly connected to the access point.  Any traffic from the wireless SSID will be tagged with the configured VLAN tag and sent out the access point’s ethernet port.  Please make sure your VLAN-aware switch or router is configured correctly to accept VLAN tagged traffic.  Otherwise, the traffic may be dropped, preventing internet access for Wi-Fi clients.  Note that you cannot use NAT mode and VLAN tagging at the same time, it can only be enabled in bridge mode.
 

Wireless Client Isolation


Disabled by default; recommendation:  Enable
 
 User-added image

Any Wi-Fi clients connected to a specific wireless SSID name will be in the same network and will be able to communicate with each other.  This means a legacy printer connected to the 2.4 GHz radio may still communicate with a laptop computer on the 5 GHz radio as long as they are both connected to the same wireless SSID name.  You may prevent all communication within the same wireless SSID by enabling Client Isolation so that clients can only communicate with the gateway out to the internet.  We recommend enabling this whenever possible, especially for a guest network, to add an extra layer of security between Wi-Fi clients. 

For wireless networks that need local access between wireless printers or other shared resources, we recommend disabling this feature.  For IoT devices that do not need local access, communicating directly with the cloud only, we recommend making a separate wireless SSID with authentication for those devices and enabling the Client Isolation feature.  The more you can segment your network into different groups (up to eight SSIDs), the more secure your network will be overall in case of a cyber security breach.

 

Max Concurrent Clients


Disabled by default

This feature allows you to set a maximum number of clients that can connect to the SSID.  If you want to prevent overuse and you have an idea of how many trusted clients will be connecting to the SSID, then enabling this will help prevent over subscription.  If you have many access points in an environment with overlapping wireless coverage, this feature will also help maintain client load on each access point to make sure one specific access point is not overloaded with client connections.

 

Client Roaming (802.11k, 802.11r, 802.11v)


Disabled by default; recommendation:  Enable

For the best access point-to-access point client roaming experience, we recommend enabling 802.11k/r/v/u for all wireless SSIDs.  You can find settings under SSIDs > Settings > Advanced.  Here is a brief explanation for each protocol:
 
  • 802.11k Radio Resource Management – Helps devices search quickly for nearby access points that are available as roaming targets by creating an optimized list of channels.  When the signal strength of the current access point weakens, your device will scan for target access points from the list.
  • 802.11r Fast Roaming – When your devices roam from one access point to another on the same network, 802.11r uses a feature called Fast Basic Service Set Transition to authenticate more quickly.  Works with both pre-shared key and 802.1x authentication methods.
  • 802.11v Wireless Network Management – Allows the network’s control layer to influence client roaming behavior by providing it the load information of nearby access points.
For more information about Agile Multiband™, you can go to this link:  https://www.wi-fi.org/discover-wi-fi/wi-fi-agile-multiband
 

Access Point Specific Settings

Firmware Updates
Add Location
Checking SSID Slots
TCP/IP Settings
Radio Settings
Time Zone Settings
Local Access Credentials and Local Web Access
Scheduled Reboot
Access Point LED Light


There are settings that can be configured on an individual access point level after clicking on the specific access point.  In this section, we will talk about each one and what they can do.
 

Firmware Updates
 

User-added image 

Click on Details to see the firmware version.
 
User-added image

Here you can click on Check for Updates to upgrade to the latest firmware version.  If you run into any issues, try rebooting the device first before upgrading.

Add Location


Also, under Details, you can add a location for your device.  This will help visualize your access points on a map if you have multiple locations deployed.  
  
User-added image

Click Edit, and enter the location into the search box.
 
User-added image

The map should autocomplete the location details.  Click on the autocomplete field to automatically fill in the location and then click Save.
 

Checking SSID Slots


User-added image
 
Click on Wireless SSID Slots to see a list of SSIDs attached to the access point.  If you are having issues with adding new SSIDs, this is a good way to check if all eight slots are used.  To make network-wide SSID changes across multiple access points, we recommend using the SSIDs tab on the main dashboard instead.

TCP/IP Settings

User-added image

Here you can click on Edit to change your IP address settings.  We recommend that you configure your DHCP Server with IP to MAC address mappings so your access points can consistently get the same IP address from one central place.  If that isn’t an option, then you can manually set them here.  You can also configure VLAN tagging here if you have a management VLAN that you are using to separate management traffic from local traffic.
 

Radio Settings

 
User-added image
 
Here you can set radio-specific settings on an access point.  For example, you can disable the 2.4 GHz radio if want to prevent any legacy devices connecting to your access point or you can tweak the transmit power (TX Power) levels to your desired wireless coverage.
 

Time Zone settings


For time zone settings, we recommend setting this under Network-wide Configuration under Settings.  This will apply the setting to all access points in your network instead of applying it here to only a specific access point.
 

Local Access Credentials and Local Web Access


For these management interfaces, we recommend setting this under Network-wide Configuration under Settings.  This will apply the setting to all access points in your network instead of applying it here to only a specific access point.

Local Access Credentials should be changed to overwrite the default password.  Local Web Access allows you to log into the local web interface of the access point for troubleshooting TCP/IP settings.  We recommend disabling this once you are comfortable with managing the access points from the cloud.

 

Scheduled Reboot


User-added image

User-added image

Under the More section, you can go to Scheduled reboot to set a schedule for when you want the device to reboot itself.  We don’t recommend using this feature unless absolutely necessary.  You can also set a schedule under the Network-wide Settings if you want the schedule to apply to all access points in your network.
 

Access Point LED Light Enable/Disable  


User-added image
 
User-added image
 
Under the More section, you can go to the LED light section to enable/disable the light on the access point.  This is useful if you are in a setting like a hospital or a medical office where light pollution is a concern.  We recommend setting this under Network-wide Configuration under Settings so this will apply to all access points in your network instead of applying it here to only a specific access point.

Was this support article useful?

Additional Support Questions?

Search Again

CONTACT SUPPORT