Wifi Manager

EMDK For Android - 6.3

Overview

Wi-Fi Manager administers the Wi-Fi settings and network profiles for a device, including the settings required for connecting to networks.

Note: Documention for the Wi-Fi configuration service provider uses the terms "enable" and "disable" to mean "turn on" and "turn off" a feature; to make its state active or inactive. Those terms in some other CSPs refer to the feature's "Usage" setting, which can prevent access to the feature entirely.

Note: Enabling the Password Protect Encryption feature prevents the Google Mobile Service (GMS) backup from successfully restoring Wi-Fi settings to a device, and might effect the operation other device backup systems.

Main Functionality

  • Enable/Disable the following:
    • Wi-Fi communication on the device
    • An existing Wi-Fi network
    • Hyper Fast Secure Roam (HF SR)
    • Cisco Centralized Key Management (CCKM)
    • Fast Transition (FT)
    • Fast Transition Resource Request (FTRIC)
    • OKC (Opportunistic Key Caching)
    • PMKID Caching
    • PreAuth
    • Advanced Logging
    • FIPS Compliance
    • Restricted WLAN Settings UI
    • Radio Resource Measurement (802.?11K)
    • Management Frame Protection Mode (802.?11w)
    • FTOverTheDS
    • AggregatedFT
    • ScanAssist
    • Coverage Hole Detection
    • Sub-Net Roam
    • WANCountry
  • Set Wi-Fi to Sleep: Never, Always or Always When Plugged In
  • Use/Do Not Use Network Notifications
  • Select Country automatically or manually
  • Set the RF Band
  • Enable Auto RF Band selection
  • Enable Fusion Advanced Logging
  • Enable device to set Clock from an Access Point (AP)
  • Set Power Savings Mode to: Always Active, WMM-PS, Null Data or PS-POLL
  • Set the band preference
  • Connect to/Disconnect from a Wi-Fi network
  • Disable all existing Wi-Fi networks
  • Remove all existing Wi-Fi networks
  • Encrypt Passwords in transit
  • Encrypt Passwords stored on the device

Target OS

Permits the operating system of the target device to be specified.

Parm Name: TargetOS

Option Name Description Requires
2 Android Specify the operating system of the target device.

MX: 4.2+

Wi-Fi Enable/Disable

This is the On-Off switch for the Wi-Fi radio. Note: Wi-Fi must be enabled to change some other Wi-Fi settings, including those controlled by the Network Actions parameter described later in this document. Attempting to change such settings while the Wi-Fi radio is disabled will result in an error. Zebra recommends beginning any profile created to change Wi-Fi settings with a command to enable the Wi-Fi radio.

Note: In the Wi-Fi configuration service provider, the terms "enable" and "disable" refer to the ability by a user or administrator to "turn on" and "turn off" a feature or capability. In some other CSPs, those terms refer to the feature's "Usage" setting, which can prevent access to the feature entirely.

Parm Name: WiFiAction

Option Name Description Requires
0 Do not change This value (or the absence of this parm from the XML) causes no change to the Wi-Fi enabled setting; any previously selected setting will be retained.

MX: 4.2+

enable Enable Turns the Wi-Fi radio On.

MX: 4.2+

disable Disable Turns the Wi-Fi radio Off.

MX: 4.2+

Sleep Policy

Specifies the state of the Wi-Fi radio when the device enters sleep mode. When Wi-Fi remains enabled during sleep, existing Wi-Fi connections will be maintained as during normal operations. While preferrable for some situations, this mode can significantly reduce battery life.

Android devices by default enter suspend mode after being idle for a specified period of time. While in this mode, software continues to run, but in a lower-power state.

Parm Name: WifiSleepPolicy

Option Name Description Requires
Do not change This (null) value (or the absence of this parm from the XML) causes no change to the current sleep policy on the device; any previously selected setting will be retained.

MX: 4.2+

Never Sleep Never Sleep Causes the Wi-Fi radio to remain enabled when the device goes to sleep, allowing continued access to Wi-Fi for running apps.

MX: 4.2+

PluggedIn Never Sleep When Plugged In Causes the Wi-Fi radio to remain enabled whenever the device is plugged in and not running on battery power regardless of sleep state, allowing continued access to Wi-Fi for running apps.

MX: 4.2+

NeverOn Always Sleep Causes the Wi-Fi radio to be disabled off when the device enters sleep mode, dropping any existing Wi-Fi connections.

MX: 4.2+

Country Selection Auto/Manual

Permits the country-selection preference for network usage and Wi-Fi regulatory setting by the device to be specified. Check the box to select the country manually from the drop-down menu; leave the box unchecked to allow the network router or Wi-Fi access point to select the country.

Parm Name: UseRegulatory

Option Name Description Requires
true true Permits manual country selection.

MX: 4.2+

false false Allows the country to be determined by the router.

MX: 4.2+

Country

Permits selection of country-specific Wi-Fi regulatory settings. Choosing "AUTO" enables 802.11d selection, which configures the device to listen for a country-specific beacon. Using the AUTO setting, the device will not transmit unless it can successfully detect the country and use a frequency that is consistent with the country's Wi-Fi infrastructure. This setting is the least likely to violate country-specific regulations. Countries that do not support the 802.11d infrastructure must be selected manually.

Shown if: The "Configure Country (Auto/Manual)" box is unchecked

Parm Name: Country

Option Name Description Requires
AUTO AUTO (Use 802.11d)

MX: 4.2+

DZ Algeria

MX: 4.2+

AI Anguilla

MX: 4.2+

AR Argentina

MX: 4.2+

AU Australia

MX: 4.2+

AT Austria

MX: 4.2+

BS Bahamas

MX: 4.2+

BH Bahrain

MX: 4.2+

BB Barbados

MX: 4.2+

BY Belarus

MX: 4.2+

BE Belgium

MX: 4.2+

BM Bermuda

MX: 4.2+

BO Bolivia

MX: 4.2+

BQ Bonaire

MX: 4.2+

BA Bosnia and Herzegovina

MX: 4.2+

BR Brazil

MX: 4.2+

BG Bulgaria

MX: 4.2+

CA Canada

MX: 4.2+

KY Cayman Islands

MX: 4.2+

CL Chile

MX: 4.2+

CN China

MX: 4.2+

CX Christmas Island

MX: 4.2+

CO Columbia

MX: 4.2+

CR Costa Rica

MX: 4.2+

HR Croatia

MX: 4.2+

CW Curacao

MX: 4.2+

CY Cyprus

MX: 4.2+

CZ Czech Republic

MX: 4.2+

DK Denmark

MX: 4.2+

DO Dominican Republic

MX: 4.2+

EC Ecuador

MX: 4.2+

EG Egypt

MX: 4.2+

SV El Salvador

MX: 4.2+

EE Estonia

MX: 4.2+

FK Falkland Islands(Malvinas)

MX: 4.2+

FI Finland

MX: 4.2+

FR France

MX: 4.2+

GF French Guiana

MX: 4.2+

DE Germany

MX: 4.2+

GR Greece

MX: 4.2+

GP Guadelope

MX: 4.2+

GU Guam

MX: 4.2+

GT Guatemala

MX: 4.2+

GY Guyana

MX: 4.2+

HT Haiti

MX: 4.2+

HN Honduras

MX: 4.2+

HK Hong Kong

MX: 4.2+

HU Hungary

MX: 4.2+

IS Iceland

MX: 4.2+

IN India

MX: 4.2+

ID Indonesia

MX: 4.2+

IE Ireland

MX: 4.2+

IL Israel

MX: 4.2+

IT Italy

MX: 4.2+

JM Jamaica

MX: 4.2+

JP Japan

MX: 4.2+

JO Jordan

MX: 4.2+

KZ Kazakhstan

MX: 4.2+

KE Kenya

MX: 4.2+

KR Korea Republic

MX: 4.2+

KW Kuwait

MX: 4.2+

LV Latvia

MX: 4.2+

LB Lebanon

MX: 4.2+

LI Liechtenstein

MX: 4.2+

LT Lithuania

MX: 4.2+

LU Luxembourg

MX: 4.2+

MK Macedonia, Former Yugoslav Republic

MX: 4.2+

MY Malaysia

MX: 4.2+

MT Malta

MX: 4.2+

MQ Martinique

MX: 4.2+

MX Mexico

MX: 4.2+

ME Montenegro

MX: 4.2+

MA Morocco

MX: 4.2+

AN Netherlands, Antilles

MX: 4.2+

NL Netherlands

MX: 4.2+

NZ New Zealand

MX: 4.2+

NI Nicaragua

MX: 4.2+

NG Nigeria

MX: 4.2+

NU Niue

MX: 4.2+

NF Norfolk Islands

MX: 4.2+

MP Northern Marina Islands

MX: 4.2+

NO Norway

MX: 4.2+

OM Oman

MX: 4.2+

PK Pakistan

MX: 4.2+

PA Panama

MX: 4.2+

PY Paraguay

MX: 4.2+

PE Peru

MX: 4.2+

PH Philippines

MX: 4.2+

PL Poland

MX: 4.2+

PT Portugal

MX: 4.2+

PR Puerto Rico

MX: 4.2+

QA Qatar

MX: 4.2+

RO Romania

MX: 4.2+

RU Russian Federation

MX: 4.2+

SX St. Maarten

MX: 4.2+

SA Saudi Arabia

MX: 4.2+

RS Serbia

MX: 4.2+

SG Singapore

MX: 4.2+

SK Slovakia

MX: 4.2+

SI Slovenia

MX: 4.2+

ZA South Africa

MX: 4.2+

ES Spain

MX: 4.2+

LK Sri Lanka

MX: 4.2+

SE Sweden

MX: 4.2+

CH Switzerland

MX: 4.2+

TW Taiwan, Province of China

MX: 4.2+

TH Thailand

MX: 4.2+

TT Trinidad and Tobago

MX: 4.2+

TN Tunisia

MX: 4.2+

TR Turkey

MX: 4.2+

UA Ukraine

MX: 4.2+

AE United Arab Emirates

MX: 4.2+

GB United Kingdom

MX: 4.2+

US U.S.A.

MX: 4.2+

UY Uruguay

MX: 4.2+

VE Venezuela

MX: 4.2+

VN Vietnam

MX: 4.2+

VG Virgin Islands(British)

MX: 4.2+

VI Virgin Islands(US)

MX: 4.2+

RF Band Selection

Used to specify which RF band(s) the device will use for 802.11 communications. This parameter is usually set automatically through negotiation with the Wi-Fi infrastructure. However, it might sometimes be desirable to limit Wi-Fi communications to certain bands, leaving other bands free for other purposes.

Parm Name: BandSelection

Option Name Description Requires
Unchanged This value (or the absence of this parm from the XML) causes no change to the band(s) currently selected on the device; any previously selected setting will be retained.

MX: 4.2+

2.4GHZ 2.4GHZ Enables 2.4 GHz band.

MX: 4.2+

5.0GHZ 5.0GHZ Enables 5.0 GHz band.

MX: 4.2+

Auto Auto Enables 2.4 GHz and 5.0 GHz bands and allows automatic connections to either.

MX: 4.2+

Network Notification

Controls whether to present user notifications when unknown, open networks such as public Wi-Fi come into range of the device. If enabled, the user will be presented with the opportunity to connect with such networks. This might be desireable for personal or dual-use devices, but could introduce vulnerabilities when connecting to non-secure or otherwise unknown networks. Zebra recommends disabling Network Notification on devices intended for use only on corporate Wi-Fi networks.

Parm Name: NetworkNotification

Option Name Description Requires
Do not change This (null) value (or the absence of this parm from the XML) will cause no change to the current network notification setting; any previously selected setting will be retained.

MX: 4.2+

true Use network notification Presents user notifications when an unknown, open networks come into range.

MX: 4.2+

false Do not use network notification Prevents user notifications when unknown, open networks come into range.

MX: 4.2+

2.4GHz Channels

Used to enable only the specified channels in the 2.4GHz band. While channels used in this band are generally determined automatically through negotiation with the Wi-Fi infrastructure, channels or sets of channels also can be specified manually to avoid interference with other devices or to dedicate certain channels for specific purposes. Warning: Not all channels are available in all countries. See the List of WLAN Channels for more information.

Parm value input rules:

  • String from 0-64 characters containing a set of valid channels
  • Multiple values must be separated by commas (i.e. "1,6,11,14")
  • Also accepts ranges when specified with a hyphen (-) (i.e. "1,7-10")

Shown if: The selected RF Band is "2.4GHz" or "Auto"

Parm Name: 2.4GHzChannels

Requires:

  • MX: 4.2+

5.0GHz Channels

Used to enable only the specified channels in the 5.0GHz band. While channels used in this band are generally determined automatically through negotiation with the Wi-Fi infrastructure, channels or sets of channels also can be specified manually to avoid interference with other devices or to dedicate certain channels for specific purposes. Warning: Not all channels are available in all countries. See the List of WLAN Channels for more information.

Parm value input rules:

  • String from 0-64 characters containing a set of valid channels
  • Multiple values must be separated by commas (i.e. "7,11,12,16...")
  • Also accepts ranges when specified with a hyphen (-) (i.e. "36-60")

Shown if: The selected RF Band is "5.0GHz" or "Auto"

Parm Name: 5.0GHzChannels

Requires:

  • MX: 4.2+

Specify Diagnostic Options

Specify whether Diagnostic Options will be used. When turned on, Fusion Advanced Logging can also be turned on. This option can be used to collect additional information for troubleshooting but can impact the performance of a device.

Note: In most cases, this option should not be used except under the direction of Zebra support staff.

Parm Name: UseDiagnosticOptions

Option Name Description Requires
true true

MX: 4.4+

false false

MX: 4.4+

Fusion Advanced Logging

Used to enable/disable Fusion Advanced Logging. Available only when Advanced Wi-Fi Options are enabled.

Shown if: The "Specify Diagnostic Options" box is checked

Parm Name: FusionAdvancedLogging

Option Name Description Requires
true true

MX: 4.4+

false false

MX: 4.4+

Use Advanced Options

Used to enable/disable the use of Advanced Wi-Fi Options. Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Parm Name: UseAdvancedOptions

Option Name Description Requires
true true

MX: 4.2+

false false

MX: 4.2+

Network Action

This is used to manage the Wi-Fi network profiles on the device. A given device can have zero or more Wi-Fi network profiles defined, which are used to specify the information that is needed for the device to connect to a single Wi-Fi network. These profiles can each be enabled or disabled. An enabled Wi-Fi network profile can be used to connect to a network and a disabled profile cannot be used to connect to a network. At any given time, the device can be connected to at most one network using a corresponding Wi-Fi network profile. The potential network connections are controlled by which profiles are defined and enabled on the device. It is also possible to force a connection to the network associated with a specific Wi-Fi network profile.

Parm Name: NetworkAction

Option Name Description Requires
Do nothing This value (or the absence of this parm from the XML) will not cause any Network Actions to be performed.

MX: 4.2+

add Add a New Network This value will add a new profile with the provided profile settings. For the options that will be presented when choosing to add a new network, please see the following "SSID" parm and the "Add a New Network Options" section below

MX: 4.2+

Remove Remove an Existing Network This value will remove the a network profile based on the SSID

MX: 4.2+

Connect Connect to an Existing Network This value will initiate a connection to the network based on the SSID

MX: 4.2+

Disconnect Disconnect from an Existing Network This value will disconnect from a network based on the SSID

MX: 4.2+

Enable Enable an Existing Network This value will enable a network profile based on the SSID

MX: 4.2+

Disable Disable an Existing Network This value will disable a network profile based on the SSID

MX: 4.2+

DisableAll Disable All Existing Networks This value will disable all network profiles

MX: 4.2+

RemoveAll Remove All Existing Networks This value will remove all network profiles

MX: 4.2+

SSID

This is the SSID name of the network, which is the primary mechanism used to identify a Wi-Fi network and is used to identify the Wi-Fi network profile to be acted on. Therefore, any Network Action that is used to affect a single profile need to specify the SSID to select the desired profile.

Parm value input rules:

  • String with a minimum size of 1 character and a maximum size of 32 characters

Shown if: The Network Action is any option other than "Do Nothing", "Disable All Existing Networks", or "Remove All Existing Networks"

Parm Name: SSID

Requires:

  • MX: 4.2+

Security Mode

This indicates that the network uses 802.1x Extensible Authentication Protocol (EAP) security. These networks use authentication to establish the entitlement of a device to join the network and then distribute necessary keys once this entitlement has been verified. Security information pertaining to the EAP type and authentication credentials to be used will need to be supplied to configure these networks.

Shown if: The Network Action is "Add a New Network"

Parm Name: NetworkAction

Option Name Description Requires
0 Open An open network indicates that the network uses no security. These kinds of networks are generally not advised to be used for transmitting sensitive data unless other protection mechanisms are used, such as VPNs, data encryption, etc. No additional security information will need to be supplied to configure these networks.

MX: 4.2+

1 Personal This indicates that the network uses basic security. A Pre-Shared Key (PSK) or Wired Equivalency Privacy (WEP) key, which is known to both the device and the Wi-Fi infrastructure, is used to encrypt data. These networks are more secure than open networks, but may be compromised if the keys are not handled securely and/or are not changed periodically. Security information pertaining to the required key will need to be supplied to configure these networks.

MX: 4.2+

2 Enterprise This value will remove the a network profile based on the SSID

MX: 4.2+

WPA Mode

When the selected Security Mode is "Personal" or "Enterprise", the WPA Mode must be specified to determine what sort of key will then be used.

Note: WEP is not supported with a Enterprise Security Mode. It is only supported using Personal Security Mode.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise"

Parm Name: WPAMode

Option Name Description Requires
1 WPA This indicates that the network requires encryption using the Wi-Fi Protected Access (WPA) standard. WPA only performs encryption using the Temporal Key Integrity Protocol. A TKIP-compatible key will therefore need to be specified.

MX: 4.2+

2 WPA2 This indicates that the network requires encryption using the Wi-Fi Protected Access version 2 (WPA2) standard. WPA2 supports encryption using either the Temporal Key Integrity Protocol (TKIP) for backward compatibility with WPA, or the more secure Advanced Encryption Standard (AES) algorithm. A decision about whether to use TKIP or AES (or auto-select) will need to be made and then a TKIP or AES-compatible key will need to be specified.

MX: 4.2+

3 WPA/WPA2 This indicates that the network supports both the Wi-Fi Protected Access (WPA) standard and the Wi-Fi Protected Access version 2 (WPA2) standard. This is essentially the same effect as selecting WPA2 since WPA2 supports backward compatibility with WPA.

MX: 4.2+

4 WEP This indicates that the network requires encryption using the older, and less secure, Wired Equivalency Privacy (WEP) standard. A decision about the WEP key size to use will need to be made and then a WEP key of the selected size will need to be specified.

MX: 4.2+

Authentication

Used to specify the Authentication Mode used by the network. When a Security Mode of "Enterprise" is selected, an Authentication Mode must be specified to determine how authentication will be performed as part of the 802.1x EAP type used by the network.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise"

Parm Name: Authentication

Option Name Description Requires
1 EAP-TLS This indicates that the network requires authentication using the 802.1x Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) standard (RFC 5216). EAP-TLS requires a device identity to be specified and requires that a client certificate be specified to prove the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

13 EAP-FAST-GTC This indicates that the network requires authentication using a token generated using a Generic Token Card (GTC) within an anonymous TLS tunnel established using the 802.1x Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) standard (RFC 5422). EAP-FAST-GTC requires a device identity to be specified and requires that a token value (typically obtained from a physical token device) be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

11 WPA/WPA2 This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within an anonymous TLS tunnel established using the 802.1x Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) standard (RFC 5422). EAP-FAST-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

8 EAP-TTLS-PAP This indicates that the network requires authentication using the Password Authentication Protocol (PAP) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-PAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

6 EAP-TTLS-MSCHAP This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol (MSCHAP) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-MSCHAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

7 EAP-TTLS-MSCHAPV2 This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

4 LEAP This indicates that the network requires authentication using the Lightweight Extensible Authentication Protocol (LEAP) defined by Cisco. LEAP uses a modified version of MSCHAP without a secure tunnel and hence can be easily compromised. LEAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. Unlike standard EAP modes, LEAP does not support an optional certificate to help verify the identity of the authentication server.

MX: 4.2+

2 PEAP-MSCHAPV2 This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within a secure TLS tunnel established using the Protected Extensible Authentication Protocol, (PEAP) defined by Cisco Systems, Microsoft, and RSA Security. PEAP-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

10 PEAP-GTC This indicates that the network requires authentication using a token generated using a Generic Token Card (GTC) within a secure TLS tunnel established using the Protected Extensible Authentication Protocol, (PEAP) defined by Cisco Systems, Microsoft, and RSA Security. PEAP-GTC requires a device identity to be specified and requires that a token value (typically obtained from a physical token device) be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

14 PEAP-NONE

MX: 5.0+

Identity

Used to specify the Identity, which can be a user name, email address, ID number or other unique identifier. The Identity combines with a Password to form an authentication credential for gaining access to a network. Authentication is required only when "Enterprise" is the selected Security Mode. Once a credential is accepted by the Authentication Server, the Identity is replaced by an encryption key and has no further significance.

Specifying an empty (length of zero) value (or the absence of this parm from the XML) will fail to set an Identity.

Shown if: The Network Action is "Add a New Network" and the Authentication is "PEAP-NONE"

Parm Name: Identity

Requires:

  • MX: 4.2+

Anonymous Identity

Used to specify an Anonymous Identity for systems that support separate authentication outside of a secure tunnel.

When using an EAP type that has a secure tunnel over which authentication credentials can be delivered, it is sometimes necessary to specify an Identity outside the protections of the tunnel. In these cases, an Anonymous Identity can be sent so as not to disclose the actual Identity, password or other verifying credentials. A separate Anonymous Identity can be used only if the Authentication Server is set up to support it.

If no Anonymous Identity is specified, then the actual Identity will be sent outside the tunnel, if required. This may still be secure since the password and/or other verifying credentials are always sent inside the tunnel (in modes that use a tunnel for secure credential delivery). Using the actual Identity outside the tunnel would therefore risk disclosure of only part of the information needed to authenticate.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Note: Specifying an empty (length of zero) value (or the absence of this parm from the XML) will fail to set an Anonymous Identity.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is NOT "EAP-TLS" or "LEAP"

Parm Name: AnonymousIdentity

Requires:

  • MX: 4.2+

Password

Used to specify a Password to be used to connect to a network. This parameter name will change according to the value of ProtectPassword:

If ProtectPassword is false:

  • Parm name: PasswordClear
  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is NOT "EAP-TLS"

If Protect Password is true:

  • Parm name: PasswordEncrypted
  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is NOT "EAP-TLS"

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Note: The encryption process for this parameter value is currently undocumented, and the key required to encrypt is unpublished. Since there is currently no way to store an encrypted, server-supplied password within an XML file, mobile device management (MDM) systems cannot use an encrypted password.

Parm Name: PasswordClear, PasswordEncrypted

Requires:

  • MX: 4.2+

Protect Password

Controls whether passwords will be stored as encrypted or clear text while in transit to the device. Passwords specified in Profile Manager are embedded within an XML file and sent to the device for consumption as part of a configuration. Encrypting a Password using this parameter might be desirable as a security measure to prevent extraction and exploitation in case the XML is intercepted while in transit.

Passwords are stored in clear text on the device unless specifically encrypted using the Protect Password Encryption parameter. Encrypted and clear-text Passwords are stored in a protected area on the device that is inaccessible to users and unauthorized applications.

The Password combines with an Identity to form an authentication credential for gaining access to a network. Authentication is required only when "Enterprise" is the selected Security Mode. All authentication types require a Password except EAP-TLS, which uses a client certificate.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is NOT "EAP-TLS"

Parm Name: ProtectPassword

Requires:

  • MX: 4.2+

Password Protect Encryption

Controls whether the Wi-Fi Password stored on the device is encrypted, thereby preventing access to the clear-text Password on the device by any application or malicious exploit.

Note: Enabling this feature prevents the Google Mobile Service (GMS) backup from successfully restoring Wi-Fi settings to a device, and might effect the operation other device backup systems.

The Password combines with an Identity to form an authentication credential for gaining access to a network. Authentication is required only when "Enterprise" is the selected Security Mode. All authentication types require a Password except EAP-TLS, which uses a client certificate.

Parm Name: PasswordProtectEncryption

Option Name Description Requires
2 Do not change This value (or the absence of this parm from the XML) will cause no change to the current Password Protect Encryption setting; any previously selected setting will be retained.

MX: 6.1+

1 Enable Causes passwords stored on the device to be encrypted.

MX: 6.1+

0 Disable Disables encryption for passwords stored on the device.

MX: 6.1+

Server Certificate Name

Optional parameter that allows the name of a certificate alias to be used to verify the server.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Notes:

  • When Security Mode is "Enterprise," the device will not need to authenticate to an Authentication Server using the defined Authentication type. This will involve sending potentially sensitive authentication credentials to the Authentication Server. Zebra does not recommended this unless the authenticity of the Authentication Server can be verified, for example, ensuring it is not attempting to carry out a "man in the middle" attack.

  • The device contacts and challenges the Authentication Server to assert and prove its Identity through the use of a server certificate. The device must be able to establish the validity of that certificate and must trust the chain of authority of the issuer of that certificate. This would all occur whether or not a Server Certificate Name is specified.

  • By default, a certificate asserted by an Authentication Server will be trusted if it can be verified to have been issued by any trusted certificate authority. If a Server Certificate Name is supplied, the certificate asserted by an Authentication Server will be trusted only if it is verified to have been issued by that specific trusted certificate authority. This increases the security by preventing the use of certificates issued by authorities that are not trusted to issue certificates to authentication servers.

  • Specifying an empty (length of zero) value (or the absence of this parm from the XML) will fail to set the Optional Server Certificate.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "EAP-TLS" or "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-FAST-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: OptionalServerCertificate

Requires:

  • MX: 4.2+

Optional Client Certificate Name

Optional parameter that allows the name of a client certificate alias to be used to join a network. When Authenticating with EAP types other than EAP-TLS (which would not require a client certificate), a client is still allowed. In this case, the client certificate will be used to authenticate the device to the authentication server as part of the establishment of the secure tunnel over which further authentication credentials will be delivered. The client certificate does not need to be unique, even if the authentication credentials are. The use of a client certificate can introduce an additional level of protection by requiring a device to have a valid client certificate as well as valid authentication credentials. The client certificate serves as a first-pass filter.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Note: Specifying an empty (length of zero) value (or the absence of this parm from the XML) will fail to set an Optional Server Certificate.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" the Authentication is "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: OptionalClientCertificate

Requires:

  • MX: 4.2+

Mandatory Client Certificate Name

Used to specify the name of the certificate alias to be used to join the network (Mandatory). When Authenticating using EAP-TLS, a client certificate is used instead of a Password. When the Authentication type is EAP-TLS, a client certificate must be specified and a Password will not be accepted.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "EAP-TLS"

Parm Name: MandatoryClientCertificate

Requires:

  • MX: 4.2+

WPA2 Encryption Type

Used to specify the Wi-Fi Protected Access II (WPA2) encryption type to enforce on the network for Wi-Fi log-ins.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WPA2 or WPA/WPA2

Parm Name: EncryptionWPA2

Option Name Description Requires
0 Default This value (or the absence of this parm from the XML) will cause no change to the encryption type that is currently selected on the device; any previously selecting setting will be retained.

MX: 4.2+

1 AES-CCMP Selects use of the Advanced Encryption Standard - Counter mode Cipher block chaining Message authentication code Protocol (AES-CCMP) standard, wherein the AES block cipher is used with a per-packet key length of 128 bits.

MX: 4.2+

2 TKIP Selects use of the Temporal Key Integrity Protocol (TKIP) standard with a per-packet key length of 128 bits.

MX: 4.2+

3 AES-CCMP/TKIP Selects the use of either the AES-CCMP standard or the TKIP encryption standard and the proper encryption type to use can be automatically determined by negotiation with the Wi-Fi infrastructure.

MX: 4.2+

WPA Encryption Type

Used to specify the Wi-Fi Protected Access (WPA) encryption type to enforce on the network for Wi-Fi log-ins. The values that can be selected for Encryption Type will vary based on the selections made for Security Mode and WPA Mode. A selection must always be made for Encryption Type whenever Security Mode is not "Open" (no encryption).

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WPA

Parm Name: EncryptionWPA

Option Name Description Requires
0 Default This value (or the absence of this parm from the XML) cause no change to the encryption type that is currently selected on the device; any previously selected setting will be retained.

MX: 4.2+

1 TKIP Selects use of the Temporal Key Integrity Protocol (TKIP) standard with a per-packet key length of 128 bits.

MX: 4.2+

WEP Encryption Type

Used to specify the Wired Equialent Privacy (WEP) encryption type to enforce on the network for Wi-Fi log-ins.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WEP

Parm Name: EncryptionWEP

Option Name Description Requires
1 WEP-40 Selects use of the Wireless Equivalency Privacy (WEP) standard with a key size of 40 bits.

MX: 4.2+

2 WEP-104 Selects use of the Wireless Equivalency Privacy (WEP) standard with a key size of 104 bits.

MX: 4.2+

Key Type

Used to specify the type of encryption key to be used by the network. A key is specified only when the Security Mode is "Personal" since the "Open" Security Mode does not use encryption and the "Enterprise" Security Mode distributes keys automatically after Authentication.

An encryption key can be specified using either of these methods:

  • A hexadecimal value (the key itself)
  • A passphrase used to generate a key using a pre-defined algorithm

The selected method usually depends on the configuration of the Wi-Fi network because the key must be shared between the Wi-Fi infrastructure and the client. Therefore, they must use a common method to specify the key.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal"

Parm Name: KeyType

Option Name Description Requires
HexKey Hex Key The key used by the network to perform encryption will be specified.

MX: 4.2+

Passphrase Passphrase A passphrase derived from the specified key and used by the network to perform encryption.

MX: 4.2+

Protect Key

Enables encryption of the Key. The Key (or the Passphrase used to generate a Key) is generally considered sensitive information since having the Key for a network grants access to that network. Since the Key or Passphrase must be embedded within the XML, it is often desirable to encrypt the Key or Passphrase so it cannot be extracted and exploited if the XML is intercepted. The specified WPA Mode and the Key Type determine what type of Key or Passphrase must used. The value selected for the ProtectKey parameter deterimes whether the Key or Passphrase will be specified as clear or encrypted text.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal"

Parm Name: KeyType

Requires:

  • MX: 4.2+

Passphrase

Controls whether the Key will be encrypted. When the Key Type is Passphrase, then the specified Passphrase will be used to generate the Key. The required Passphrase will vary depending on the WPA Mode specified (WEP or WPA Passphrase).

Note: Currently, the parm value encryption process is not documented and the key that is needed to encrypt is not published. Therefore, an MDM cannot currently use encrypted Keys or Passphrases since there is no way to store an encrypted, server-supplied password in XML file.

If WEP is selected and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is "WEP" and Protect Key is false
  • Parm name: PassphraseWEPClear
  • Parm value input rules:
    • String with a minimum of 4 characters and a maximum of 32 characters

If WEP is selected and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is "WEP" and Protect Key is true
  • Parm name: PassphraseWEPEncrypted
  • Parm value input rules:
    • String with a minimum of 4 characters and a maximum of 32 characters
  • Currently, this parm cannot be used effectively by an MDM.

If WEP is not selected and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is not "WEP" and Protect Key is false
  • Parm name: PassphraseWPAClear
  • Parm value input rules:
    • String with a minimum of 8 characters and a maximum of 63 characters

If WEP is not selected and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is not "WEP" and Protect Key is true
  • Parm name: PassphraseWPAEncrypted
  • Parm value input rules:
    • String with a minimum of 8 characters and a maximum of 63 characters
  • Currently, this parm cannot be used effectively by an MDM.

Parm Name: PassphraseWEPClear, PassphraseWEPEncrypted, PassphraseWPAClear, PassphraseWPAEncrypted

Requires:

  • MX: 4.2+

Hex Key

When Key Type is Hex Key, then a Key, which is expressed as a sequence of hexadecimal characters, needs to be specified. The type of Key required will vary based on the WPA Mode and Encryption Type specified, since it will need to be either a WEP 40 bit Key, a WEP 104 bit Key, or a 256 bit TKIP/AES-CCMP Key.

Note: Currently, the parm value encryption process is not documented and the key that is needed to encrypt is not published. Therefore, an MDM cannot currently use encrypted Keys or Passphrases since there is no way to store an encrypted, server-supplied password in an XML.

If WEP is not selected and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is not "WEP" and Protect Key is false
  • Parm name: HexKeyClear
  • Description: Provide the hex key (64 hex chars) used by network
  • Parm value input rules:
    • String with exactly 64 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 256 bit binary key value that can be used for either TKIP or AES-CCMP encryption.

If WEP is not selected and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is not "WEP" and Protect Key is true
  • Parm name: HexKeyEncrypted
  • Description: Provide the hex key (64 hex chars) used by network
  • Parm value input rules:
    • String with exactly 64 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 256 bit binary key value that can be used for either TKIP or AES-CCMP encryption.
  • Currently, this parm cannot be used effectively by an MDM.

If WEP is selected, the encryption type is WEP-40, and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-40" and Protect Key is false
  • Parm name: HexKeyWep40Clear
  • Description: Provide the shared secret WEP-40 key (10 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 10 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 40 bit binary key value that can be used for either WEP encryption.

If WEP is selected, the encryption type is WEP-40, and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-40" and Protect Key is true
  • Parm name: HexKeyWep40Encrypted
  • Description: Provide the shared secret WEP-40 key (10 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 10 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 40 bit binary key value that can be used for either WEP encryption.
  • Currently, this parm cannot be used effectively by an MDM.

If WEP is selected, the encryption type is WEP-104, and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-104" and Protect Key is false
  • Parm name: HexKeyWep104Clear
  • Description: Provide the shared secret WEP-104 key (26 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 26 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 104 bit binary key value that can be used for either WEP encryption.

If WEP is selected, the encryption type is WEP-104, and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-104" and Protect Key is true
  • Parm name: HexKeyWep104Encrypted
  • Description: Provide the shared secret WEP-104 key (26 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 26 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 104 bit binary key value that can be used for either WEP encryption.
  • Currently, this parm cannot be used effectively by an MDM.

Parm Name: HexKeyWEPClear, HexKeyWEPEncrypted, HexKeyWPAClear, HexKeyWPAEncrypted

Requires:

  • MX: 4.2+

WEP Key Index

Some Wi-Fi infrastructure that implements a network using WEP encryption may support multiple WEP keys and a WEP index to indicate which key to use at any given time.

Note: Android does not currently support multiple WEP keys per network. Therefore, only the first WEP key (wep[0]) is supported.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the WPA Mode is "WEP"

Parm Name: WepKeyIndex

Option Name Description Requires
1 wep[0]

MX: +

2 wep[1]

MX: +

3 wep[2]

MX: +

4 wep[3]

MX: +

Use DHCP

When this parm is selected, DHCP will be used. When not selected, Static IP address is used.

Most modern networks use DHCP to automatically assign IP Addresses to devices when they join the network. If DHCP is used, then all requisite IP Address information will be obtained automatically and no additional information will need to be provided.

If DHCP cannot be used for a particular network, then all IP Address information that is needed to operate on that network will need to be specified. None of the following IP Address information parms can be left blank, but they may not all require meaningful values, depending on the network.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the WPA Mode is "WEP"

Parm Name: UseDHCP

Requires:

  • MX: 4.2+

Static IP Address

Provide the static IP address to be assigned to the device on this network.

When not using DHCP, a valid IP Address for the device to use on the network must be specified and that IP Address must not be assigned to any other device on the same network.

Parm value input rules:

  • Must be a valid IPV4 address, example: 191.168.0.1

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpAddress

Requires:

  • MX: 4.2+

Gateway 1 IP Address

Provide the IP address of the first gateway to the network.

When not using DHCP, a valid Gateway IP Address may or may not be required. If there is a Gateway that can route traffic out of the current network, then the IP Address of that Gateway should be specified if the device will need to send traffic outside that network. If the network is essentially self-contained, then it may not be important what value is specified for this parm.

Parm value input rules:

  • Must be a valid IPV4 address, example: 191.168.0.1

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpGateway1

Requires:

  • MX: 4.2+

Subnet Mask

Provide the subnet mask to be used on the network.

When not using DHCP, a subnet mask must be specified that is consistent with the network and is consistent with the IP Address assigned to the device for use on that network.

Parm value input rules:

  • Must be a valid IPV4 subnet mask, example: 255.255.255.0

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpMask

Requires:

  • MX: 4.2+

DNS Server 1 IP Address

Provide the IP address of the DNS server.

When not using DHCP, a valid DNS Server IP Address may or may not be required. If there is a DNS Server that can resolve network names to IP Addresses on the current network, then the IP Address of that server should be specified if the device will need to resolve names for that network. If name resolution is not required, then it may not be important what value is specified for this parm.

Parm value input rules IpDns1:

  • Must be a valid IPV4 address, example: 191.168.0.1

Parm value input rules IpDns2:

  • Must be a valid IPV4 address, example: 191.168.0.1
  • If no alternate DNS Server is available or required, then it may not be important what value is specified for this parm.
  • Specifying an empty (length of zero) value (or the absence of this parm from the XML) will cause the DNS Server 2 IP Address to not be set.

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpDns1, IpDns2

Requires:

  • MX: 4.2+

Use Proxy

When selected, a Proxy is used for network connections. You can either manually configure the proxy settings or select the location of a PAC file for automatic configuration. A proxy is a an intermediary service that routes HTTP requests and responses between clients on a device and another network (typically the internet or an intranet). When there is a proxy between the Wi-Fi network and some outer network, then HTTP-based applications, such as a Web Browser, may need to negotiate with that proxy to access the services of that outer network.

Note: In MX 5.0, the parm data type changed from a Boolean to a value selected from the UseProxy list. Please check the list above.

Parm Name: UseProxy

Option Name Description Requires
0 None Since MX 5.0 the use of a code over a boolean value was implemented. This value was unaffected.

MX: 5.0+

1 Manual Since MX 5.0 the use of a code over a boolean was implemented. This value indicates a Manual Proxy.

MX: 5.0+

3 Proxy Auto-Config Automatically use a proxy. This value was introduced in MX 5.0.

MX: 5.0+

Proxy Host Name

Provide the Host Name or IP Address of the computer on which the proxy is running. Host Name can be used only if the network provides suitable name resolution. Otherwise, an IP Address would need to be provided.

Since different Wi-Fi networks may have different proxies connecting them to different outer networks, proxy information, if needed, must be configured for each network.

Parm value input rules:

  • String with a minimum of 1 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: ProxyHostName

Requires:

  • MX: 4.2+

Proxy Bypass

Used to specify the host name(s) and/or IP address(es) for direct access by a device, bypassing the Proxy server specified in the Proxy Host Name parameter. Multiple names and/or IP addresses can be specified in any combination, separated by commas. Generally used for specifying internal servers and/or as a means to prevent traffic overload on the specified Proxy server. Traffic bound for any host not specifically excluded using this parameter will be routed through the specified Proxy server.

Zebra recommends testing bypass-proxy settings on a working device before general deployment.

Input rules:

  • String from 1-256 characters specifying one or more host names and/or IP addresses separated by commas. For example: "www.MyBypassProxy.com,192.168.1.100, our.internalServer"

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: BypassProxy

Requires:

  • MX: 4.2+

Proxy Port

Provide the port number of the proxy server on the computer on which the proxy is running on which the proxy is listening.

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: ProxyPort

Requires:

  • MX: 4.2+

Advanced Options

Use of Wi-Fi Advanced Options requires the following:

  • PMKID must be turned on to enable PreAuth (PreAuth =1 and PMKID =1)
  • FT must be turned on to enable FTRIC (FT=1 and FTRIC =1)
  • OKC must be turned off (OKC =0 and PMKID =1) to use PMKID caching

WARNING: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

PAC File Url

Provide the Host Name or IP Address of the location of where the proxy PAC file is located. This can be used only if the network provides suitable name resolution. Otherwise, an IP Address would need to be provided.

Since different Wi-Fi networks may have different proxies connecting them to different outer networks, proxy information, if needed, must be configured for each network.

Parm value input rules:

  • String with a minimum of 1 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to Proxy Auto-Config.

Parm Name: PROXYPAC

Requires:

  • MX: 5.0+

Auto Time Config

Used to enable/disable AutoTimeConfig feature, a Zebra-specific feature that updates the device timestamp based on Zebra IE in the 802.11 beacon. Not supported on TC70 QC GA1/GA2 running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: AutoTimeConfig

Requires:

  • MX: 4.2+

HFSR

Used to enable/disable Hyper Fast Secure Roam (HFSR), Zebra's fast roam algorithm. Not supported on TC70 QC GA1/GA2, TC75 GA and TC55 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: HFSR

Requires:

  • MX: 4.2+

CKM

Used to enable/disable the CCX roam algorithm (CCKM).

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: CCKM

Requires:

  • MX: 4.2+

Aggregated Fast Transition

Controls the Fast Transition roam algorithm (802.11r), which improves on IEEE 802.11r Over-the-DS fast roaming. When used in conjunction with Zebra wireless LAN infrastructure, the device will achieve more reliable and consistent fast roaming. Enabled by default.

Not supported on TC70 QC GA1 devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FT

Requires:

  • MX: 4.2+

FTRIC

Used to enables/disable the Fast Transition Resource Request (802.11r). Not supported on TC70 QC GA1/GA2, TC75 GA or TC55 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FTRIC

Requires:

  • MX: 4.2+

OKC

Used to enable/disable Opportunistic Key Caching (OKC).

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: OKC

Requires:

  • MX: 4.2+

PreAuth

Used to enable/disable 802.1x Pre-Authentication. Not supported on TC70 QC GA1/GA2 or TC75 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PreAuth

Requires:

  • MX: 4.2+

PMKID

Used to enable/disable PMKID Caching. If PMKID is enabled, OKC must be disabled for PMKID caching to operate.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PMKID

Requires:

  • MX: 4.2+

Power Save Mode

Used to configure the Power Save Mode from the settings table below. The default "Fast Power Save" value must be used for the "Power Save" parameter; the "Do not change" value will result in failure.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PowerSave

Option Name Description Requires
0 Do not change

MX: 4.2+

1 Always Active

MX: 4.2+

2 Fast Power Save (Deprecated)

MX: 4.2+

3 Max Power Save (Deprecated)

MX: 4.2+

4 WMM-PS

MX: 4.4+

5 Null Data Power Save

MX: 4.4+

6 PS-POLL

MX: 4.4+

99 Unsupported

MX: 6.2+

WLAN Power Save Mode

Used to select the Power Save Mode for the WLAN radio.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: WLANPowerSave

Option Name Description Requires
0 WMM-PS

MX: 4.3+

1 Null Data Power Save

MX: 4.3+

2 PS-POLL

MX: 4.3+

3 Do not change

MX: 4.3+

99 Unsupported

MX: 6.2+

Advanced Logging

Used to start or stop advanced Wi-Fi logging.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: AdvancedLogging

Requires:

  • MX: 4.2+

FIPS

Used to enable/disable FIPS data in motion supported in WLAN. WLAN FIPS 140-2, level 1 compliance. Not supported on TC70 QC GA1/GA2, TC75 GA or TC55 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FIPS

Requires:

  • MX: 4.2+

Enable Restricted Settings UI

Used to enable/disable read-only mode for Wi-Fi settings according to the values in the table below. Not supported on TC70 QC GA1/GA2 running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PowerSave

Option Name Description Requires
0 Do not change

MX: +

1 Disable Restricted WLAN Settings UI

MX: +

2 Enable Restricted WLAN Settings UI

MX: +

Radio Resource Management (802.11k)

Used to enable/disable Radio Resource Management, which measures transmit power, data rates and other wireless characteristics in an effort to optimize communication efficiency. Not supported on TC70 QC GA1/GA2 running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: 802.11K

Requires:

  • MX: 4.3+

Management Frame Protection Mode (802.11w)

Used to specify the Management Frame Protection Mode from the values in the table below. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: 802.11w

Option Name Description Requires
0 No MFP

MX: 4.3+

1 Capable

MX: 4.3+

2 Mandatory

MX: 4.3+

3 Do not change

MX: 4.3+

99 Unsupported

MX: 6.2+

Select Band Preference

Used to specify the preferred Wi-Fi band. Not supported on MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: BandPreference

Option Name Description Requires
0 No Preference

MX: 4.3+

1 Prefer 2.4GHz

MX: 4.3+

2 Prefer 5.0GHz

MX: 4.3+

3 Do not change

MX: 4.3+

99 Unsupported

MX: 6.2+

FT Over The DS

Used to enable/disable Fast Transition over the Distribution System (FTOverTheDS). Enabled by default. Also known as 802.11r Over-the-DS, this fast roam standard reduces the number frames exchanged when the device roams from one AP to another if the infrastructure supports it. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FTOverTheDS

Requires:

  • MX: 4.3+

ScanAssist

Used to enable/disable ScanAssist. This feature improves roaming on Zebra devices by allowing the device to monitor neighboring access points to retrieve roam-related information from the Zebra wireless LAN infrastructure without doing scans. Enabled by default.

Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: ScanAssist

Requires:

  • MX: 4.3+

AggregatedFT

Used to enable/disable the AggregatedFT feature. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: AggregatedFT

Requires:

  • MX: 4.3+

Coverage Hole Detection

Used to enable/disable Coverage Hole Detection, which reports gaps in signal coverage to the Zebra wireless LAN infrastructure. Enabled by default. Network administrators can detect and mitigate coverage gaps present in the network for greater reliability. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: CHD

Requires:

  • MX: 4.3+

Subnet Roam

Used to enable subnet roaming. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: SubNetRoam

Requires:

  • MX: 4.4+

WAN Country

Used to enable/disable WAN Country, which obtains country information from the WAN Interface (GSM/CDMA base station) and applies regulatory rules based on the Country Code received. Supported only on WAN based devices. Not supported on TC70 QC GA1/GA2 running Android KitKat, or MPA3 RevB- or RevC-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: WANCountry

Requires:

  • MX: 4.3+

Examples

Managing Certificates Related to Wi-Fi Networks

Initialize the Android KeyStore

Note: This must be done for a new device before you can install certificates.

Without a password:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="4"/>
    </characteristic>
</wap-provisioningdoc>


With a password:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="4"/>
        <characteristic type="keystore-details">
            <parm name="KeystorePassword" value="password"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Remove a Certificate:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="2"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName1"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a CA certificate (.PEM file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="5"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileCA" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate (.PEM file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="6"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate and private key (.PFX file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="8"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate and private key (.P12 file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="9"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate and private key (.PKCS12 file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="9"/>
            <parm name="CertMethod" value="10"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Country Selection

Selecting a Country:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="1"/>
        <characteristic type="Regulatory">
            <parm name="Country" value="US"/>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Using the Auto Option:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="1"/>
        <characteristic type="Regulatory">
            <parm name="Country" value="AUTO"/>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Band Selection

Set 2.4 GHz:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="2.4GHz"/>
            <characteristic type="ChannelSelection">
                <parm name="2.4GHzChannels" value="1"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Set 5.0 GHz:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="5.0GHz"/>
            <characteristic type="ChannelSelection">
                <parm name="5.0GHzChannels" value="36"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Set Auto (both 2.4 and 5.0 GHz):


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="Auto"/>
            <characteristic type="ChannelSelection">
                <parm name="2.4GHzChannels" value="1"/>
                <parm name="5.0GHzChannels" value="36"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Add Wi-Fi Network

Adding an Open Network:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="0"/>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="1"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA and TKIP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="1"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWPA" value="1"/>
                </characteristic>
            </characteristic>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="2"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA/WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="3"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WEP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="4"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWEP" value="1"/>
                </characteristic>
            </characteristic>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWEPClear" value="KsdU6X3u"/>
                <parm name="WepKeyIndex" value="1"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WPA:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="1"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="2"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WPA/WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="3"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WEP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="4"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWEP" value="1"/>
                </characteristic>
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>