Wifi Manager

EMDK For Xamarin - 2.1

Overview

The Wi-Fi Manager administers a device's Wi-Fi settings and network profiles for remembering and connecting to networks.

Note: The terms "enable" and "disable" in this CSP are equivalent to "turn on" and "turn off." Those terms in other CSPs refer to the feature's Usage setting, which is the ability of the device user to access the feature at all.

Main Functionality

Enable Wi-Fi
Disable Wi-Fi
Set Wi-Fi to Never Sleep
Set Wi-Fi to Never Sleep When Plugged In
Set Wi-Fi to Always Sleep
Use Network Notifications
Do Not Use Network Notifications
Enable Auto Country Selection
Manually Select country
Set the RF Band
Enable Auto RF Band Selection
Enable Fusion Advanced Logging
Enable the Device to set the Clock off the AP (Access Point) Time
Enable HF SR (Hyper Fast Secure Roam)
Disable HF SR (Hyper Fast Secure Roam)
Enable CCKM (Cisco Centralized Key Management)
Disable CCKM (Cisco Centralized Key Management)
Enable FT (Fast Transition)
Disable FT (Fast Transition)
Enable FTRIC (Fast Transition Resource Request)
Disable FTRIC (Fast Transition Resource Request)
Enable OKC (Opportunistic Key Caching)
Disable OKC (Opportunistic Key Caching)
Enable PMKID Caching
Disable PMKID Caching
Enable PreAuth
Disable PreAuth
Set Power Savings Mode to Always Active
Set Power Savings Mode to WMM-PS
Set Power Savings Mode to Null Data Power Save
Set Power Savings Mode to PS-POLL
Enable Advanced Logging
Disable Advanced Logging
Enable FIPS Compliance
Disable FIPS Compliance
Enable Restricted WLAN Settings UI
Disable Restricted WLAN Settings UI
Enable Radio Resource Measurement(802.?11K)
Disable Radio Resource Measurement(802.?11K)
Enable Management Frame Protection Mode(802.?11w)
Disable Management Frame Protection Mode(802.?11w)
Set the band preference
Enable FTOverTheDS
Disable FTOverTheDS
Enable AggregatedFT
Disable AggregatedFT
Enable ScanAssist
Disable ScanAssist
Enable Coverage Hole Detection
Disable Coverage Hole Detection
Enable Sub-Net Roam
Disable Sub-Net Roam
Enable WANCountry
Disable WANCountry
Add a Wi-Fi Network
Remove a Wi-Fi Network
Connect to a Wi-Fi Network
Disconnect from a Wi-Fi Network
Enable an Existing Wi-Fi Network
Disable an Existing Wi-Fi Network
Disable all Existing Wi-Fi Networks
Remove all Existing Wi-Fi Networks

Target OS

Specify the target OS of the device.

Parm Name: TargetOS

Option	Name	Description	Requires
2	Android		MX: 4.2+

Wi-Fi Enable

Turn the Wi-Fi radio on or off.

Note: In order for settings to be applied, Wi-Fi must be turned on. If you do not specify WiFi Enable in the profile, you will get an error when attempting to apply certain settings if the device's Wi-Fi is not already turned on. For example, all of the Network Actions, which are described later in this document, will require that Wi-Fi is turned on. However, other settings, such as Sleep Policy and Network Notification, do not require Wi-Fi to be turned on.

As a best practice, it is recommended that this is turned on whenever setting another Wi-Fi parm that requires to be on, as it is not harmful to enable the Wi-Fi again if it is already on.

Note: In other CSPs, the terms "enable" and "disable" refer to whether or not the user will be allowed to turn the device on or off at all. However, in this CSP, "enable" and "disable" are equivalent to "turn on" and "turn off".

Parm Name: WiFiAction

Option	Name	Description	Requires
0	Do not change	This value (or the absence of this parm from the XML) will not make any change to the whether the Wi-Fi radio is on or off.	MX: 4.2+
enable	Enable	This value will cause the Wi-Fi radio to be turned on.	MX: 4.2+
disable	Disable	This value will cause the Wi-Fi radio to be turned off.	MX: 4.2+

Sleep Policy

Specifies the state of the Wi-Fi radio when the device suspends.

For Android devices, the device is suspended when the display turns off after idling for a certain amount of time. While the device is suspended, the device's software continues running in a lower power mode, meaning that the device itself is not turned off and software can run when the device is in this state. The amount of power consumption while in this state partially depends on what features are left on.

Parm Name: WifiSleepPolicy

Option	Name	Description	Requires
	Do not change	This value (or the absence of this parm from the XML) will not make any change to the current sleep policy on the device.	MX: 4.2+
Never Sleep	Never Sleep	This value will leave the Wi-Fi radio on while the device's display is turned off and Wi-Fi can continue to be used by any software that is running. Existing Wi-Fi connections will be maintained as if the device was not suspended. For example, emails will continue to come in. This behavior may be preferred in some situations. However, this could significantly increase the drain on the battery and reduce the battery life.	MX: 4.2+
PluggedIn	Never Sleep When Plugged	This value will leave the Wi-Fi radio on while the display is turned off if the device is not running from battery power.	MX: 4.2+
NeverOn	Always Sleep	This value turns the Wi-Fi radio off while the device's display is turned off. Existing Wi-Fi connections will be dropped and will need to be re-established, if needed, when the display (and Wi-Fi) are turned back on. Software that is running cannot use Wi-Fi while it is off. This can significantly increase the battery life if communications are not needed when the device is suspended.	MX: 4.2+

Country Selection Auto/Manual

By leaving this option unchecked, the country may be determined by the router or access point setting. To manually select the country, you should select the checkbox. When doing this a country drop-down will appear.

Parm Name: UseRegulatory

Option	Name	Description	Requires
true	true	Manually select the country.	MX: 4.2+
false	false	Country determined by the router.	MX: 4.2+

Network Notification

Specifies whether or not to notify the user when an unknown, open network comes in range. If this setting is turned on, the user will be asked if they want to join the network, which could be useful for personal or dual use devices which might want to use a public Wi-Fi connection at some point. However, turning these notifications on is not recommended for devices that are supposed to be used only on a single corporate Wi-Fi network since it might be harmful to offer a user the opportunity to connect to a rogue, non-secure network.

Parm Name: NetworkNotification

Option	Name	Description	Requires
	Do not change	This value (or the absence of this parm from the XML) will not make any change to the current network notification setting.	MX: 4.2+
true	Use network notification	This value will cause the user to be notified when an unknown, open network comes into range.	MX: 4.2+
false	Do not use network notification	This value will cause the user to not be notified when an unknown, open network comes into range.	MX: 4.2+

Country

Sets the country to use for Wi-Fi regulatory setting.

When you choose 'AUTO' in the drop-down, 802.11d will be enabled. 802.11d is a mode where the device will listen for a country-specific beacon. It also will not transmit unless it can auto-detect the country, which can be beneficial because the device cannot transmit with a frequency that is inconsistent with the Wi-Fi infrastructure and is therefore less likely to violate country-specific regulations.

If a Wi-Fi infrastructure does not support, 802.11d, then the country that is used by this infrastructure will need to be selected so that the device can connect to it.

Shown if: The "Configure Country (Auto/Manual)" box is not checked

Parm Name: Country

Option	Name	Requires
AUTO	AUTO (Use 802.11d)	MX: 4.2+
DZ	Algeria	MX: 4.2+
AI	Anguilla	MX: 4.2+
AR	Argentina	MX: 4.2+
AU	Australia	MX: 4.2+
AT	Austria	MX: 4.2+
BS	Bahamas	MX: 4.2+
BH	Bahrain	MX: 4.2+
BB	Barbados	MX: 4.2+
BY	Belarus	MX: 4.2+
BE	Belgium	MX: 4.2+
BM	Bermuda	MX: 4.2+
BO	Bolivia	MX: 4.2+
BQ	Bonaire	MX: 4.2+
BA	Bosnia and Herzegovina	MX: 4.2+
BR	Brazil	MX: 4.2+
BG	Bulgaria	MX: 4.2+
CA	Canada	MX: 4.2+
KY	Cayman Islands	MX: 4.2+
CL	Chile	MX: 4.2+
CN	China	MX: 4.2+
CX	Christmas Island	MX: 4.2+
CO	Columbia	MX: 4.2+
CR	Costa Rica	MX: 4.2+
HR	Croatia	MX: 4.2+
CW	Curacao	MX: 4.2+
CY	Cyprus	MX: 4.2+
CZ	Czech Republic	MX: 4.2+
DK	Denmark	MX: 4.2+
DO	Dominican Republic	MX: 4.2+
EC	Ecuador	MX: 4.2+
EG	Egypt	MX: 4.2+
SV	El Salvador	MX: 4.2+
EE	Estonia	MX: 4.2+
FK	Falkland Islands(Malvinas)	MX: 4.2+
FI	Finland	MX: 4.2+
FR	France	MX: 4.2+
GF	French Guiana	MX: 4.2+
DE	Germany	MX: 4.2+
GR	Greece	MX: 4.2+
GP	Guadelope	MX: 4.2+
GU	Guam	MX: 4.2+
GT	Guatemala	MX: 4.2+
GY	Guyana	MX: 4.2+
HT	Haiti	MX: 4.2+
HN	Honduras	MX: 4.2+
HK	Hong Kong	MX: 4.2+
HU	Hungary	MX: 4.2+
IS	Iceland	MX: 4.2+
IN	India	MX: 4.2+
ID	Indonesia	MX: 4.2+
IE	Ireland	MX: 4.2+
IL	Israel	MX: 4.2+
IT	Italy	MX: 4.2+
JM	Jamaica	MX: 4.2+
JP	Japan	MX: 4.2+
JO	Jordan	MX: 4.2+
KZ	Kazakhstan	MX: 4.2+
KE	Kenya	MX: 4.2+
KR	Korea Republic	MX: 4.2+
KW	Kuwait	MX: 4.2+
LV	Latvia	MX: 4.2+
LB	Lebanon	MX: 4.2+
LI	Liechtenstein	MX: 4.2+
LT	Lithuania	MX: 4.2+
LU	Luxembourg	MX: 4.2+
MK	Macedonia, Former Yugoslav Republic	MX: 4.2+
MY	Malaysia	MX: 4.2+
MT	Malta	MX: 4.2+
MQ	Martinique	MX: 4.2+
MX	Mexico	MX: 4.2+
ME	Montenegro	MX: 4.2+
MA	Morocco	MX: 4.2+
AN	Netherlands, Antilles	MX: 4.2+
NL	Netherlands	MX: 4.2+
NZ	New Zealand	MX: 4.2+
NI	Nicaragua	MX: 4.2+
NG	Nigeria	MX: 4.2+
NU	Niue	MX: 4.2+
NF	Norfolk Islands	MX: 4.2+
MP	Northern Marina Islands	MX: 4.2+
NO	Norway	MX: 4.2+
OM	Oman	MX: 4.2+
PK	Pakistan	MX: 4.2+
PA	Panama	MX: 4.2+
PY	Paraguay	MX: 4.2+
PE	Peru	MX: 4.2+
PH	Philippines	MX: 4.2+
PL	Poland	MX: 4.2+
PT	Portugal	MX: 4.2+
PR	Puerto Rico	MX: 4.2+
QA	Qatar	MX: 4.2+
RO	Romania	MX: 4.2+
RU	Russian Federation	MX: 4.2+
SX	St. Maarten	MX: 4.2+
SA	Saudi Arabia	MX: 4.2+
RS	Serbia	MX: 4.2+
SG	Singapore	MX: 4.2+
SK	Slovakia	MX: 4.2+
SI	Slovenia	MX: 4.2+
ZA	South Africa	MX: 4.2+
ES	Spain	MX: 4.2+
LK	Sri Lanka	MX: 4.2+
SE	Sweden	MX: 4.2+
CH	Switzerland	MX: 4.2+
TW	Taiwan, Province of China	MX: 4.2+
TH	Thailand	MX: 4.2+
TT	Trinidad and Tobago	MX: 4.2+
TN	Tunisia	MX: 4.2+
TR	Turkey	MX: 4.2+
UA	Ukraine	MX: 4.2+
AE	United Arab Emirates	MX: 4.2+
GB	United Kingdom	MX: 4.2+
US	U.S.A.	MX: 4.2+
UY	Uruguay	MX: 4.2+
VE	Venezuela	MX: 4.2+
VN	Vietnam	MX: 4.2+
VG	Virgin Islands(British)	MX: 4.2+
VI	Virgin Islands(US)	MX: 4.2+

RF Band

Specifies the 802.11 band(s) to use. The bands to use will usually be determined automatically through negotiation with the Wi-Fi infrastructure. However, in some cases, the Wi-Fi infrastructure may be shared amongst multiple uses, which may mean that it would be preferable to limit the devices to one band and leave the other bands for other purposes.

Parm Name: BandSelection

Option	Name	Description	Requires
	Unchanged	This value (or the absence of this parm from the XML) will not make any change to the current selected band on the device.	MX: 4.2+
2.4GHZ	2.4GHZ	TThis value will enable 2.4GHz band.	MX: 4.2+
5.0GHZ	5.0GHZ	This value will enable 5.0GHz band.	MX: 4.2+
Auto	Auto	This value will enable both bands and connect automatically to either.	MX: 4.2+

2.4GHz Channels

Enable the specified channels in the 2.4GHz band. In most cases, if the 2.4GHZ band is allowed to be used, then the channels in this band that should be used can be determined automatically through negotiation with the Wi-Fi infrastructure. However, it may be beneficial to control the channels manually because different channels or sets of channels might be used for different uses. It may be preferable to limit the devices to only use certain channels so that other channels are left for other purposes.

Parm value input rules:

String containing a set of valid channels.
- Not all channels are available in all every country. Please see the link below for more information:
  - https://en.wikipedia.org/wiki/List_of_WLAN_channels
The minimum length is 0 characters and the maximum length is 64 characters.
Comma separated and may contain a range specified with a dash '-'. Example: 1,7-10

Shown if: The RF Band that is selected is either 2.4GHz or Auto

Parm Name: 2.4GHzChannels

Requires:

MX: 4.2+

5.0GHz Channels

Enable the specified channels in the 5.0GHz band. In most cases, if the 5.0GHZ band is allowed to be used, then the channels in this band that should be used can be determined automatically through negotiation with the Wi-Fi infrastructure. However, it may be beneficial to control the channels manually because different channels or sets of channels might be used for different uses. It may be preferable to limit the devices to only use certain channels so that other channels are left for other purposes.

Parm value input rules:

String containing a set of valid channels.
- Not all channels are available in all every country. Please see the link below for more information:
  - https://en.wikipedia.org/wiki/List_of_WLAN_channels
The minimum length is 0 characters and the maximum length is 64 characters.
Comma separated and may contain a range specified with a dash '-'. Example: 36-60

Shown if: The RF Band that is selected is either 5.0GHz or Auto

Parm Name: 5.0GHzChannels

Requires:

MX: 4.2+

Specify Diagnostic Options

Specify whether Diagnostic Options will be used. When turned on, Fusion Advanced Logging can also be turned on. This option can be used to collect additional information for troubleshooting but can impact the performance of a device.

Note: In most cases, this option should not be used except under the direction of Zebra support staff.

Parm Name: UseDiagnosticOptions

Option	Name	Description	Requires
true	true		MX: 4.4+
false	false		MX: 4.4+

Fusion Advanced Logging

Specify whether Fusion Advanced Logging will be used

Shown if: The "Specify Diagnostic Options" box is checked

Parm Name: FusionAdvancedLogging

Option	Name	Description	Requires
true	true		MX: 4.4+
false	false		MX: 4.4+

Specify Advanced Options

Specify whether Advanced Options will be used. In most cases, these options should not be used except under the direction of Zebra support staff.

Parm Name: UseAdvancedOptions

Option	Name	Description	Requires
true	true		MX: 4.2+
false	false		MX: 4.2+

Network Action

This is used to manage the Wi-Fi network profiles on the device. A given device can have zero or more Wi-Fi network profiles defined, which are used to specify the information that is needed for the device to connect to a single Wi-Fi network. These profiles can each be enabled or disabled. An enabled Wi-Fi network profile can be used to connect to a network and a disabled profile cannot be used to connect to a network. At any given time, the device can be connected to at most one network using a corresponding Wi-Fi network profile. The potential network connections are controlled by which profiles are defined and enabled on the device. It is also possible to force a connection to the network associated with a specific Wi-Fi network profile.

Parm Name: NetworkAction

Option	Name	Description	Requires
	Do nothing	This value (or the absence of this parm from the XML) will not cause any Network Actions to be performed.	MX: 4.2+
add	Add a New Network	This value will add a new profile with the provided profile settings. For the options that will be presented when choosing to add a new network, please see the following "SSID" parm and the "Add a New Network Options" section below	MX: 4.2+
Remove	Remove an Existing Network	This value will remove the a network profile based on the SSID	MX: 4.2+
Connect	Connect to an Existing Network	This value will initiate a connection to the network based on the SSID	MX: 4.2+
Disconnect	Disconnect from an Existing Network	This value will disconnect from a network based on the SSID	MX: 4.2+
Enable	Enable an Existing Network	This value will enable a network profile based on the SSID	MX: 4.2+
Disable	Disable an Existing Network	This value will disable a network profile based on the SSID	MX: 4.2+
DisableAll	Disable All Existing Networks	This value will disable all network profiles	MX: 4.2+
RemoveAll	Remove All Existing Networks	This value will remove all network profiles	MX: 4.2+

SSID

This is the SSID name of the network, which is the primary mechanism used to identify a Wi-Fi network and is used to identify the Wi-Fi network profile to be acted on. Therefore, any Network Action that is used to affect a single profile need to specify the SSID to select the desired profile.

Parm value input rules:

String with a minimum size of 1 character and a maximum size of 32 characters

Shown if: The Network Action is any option other than "Do Nothing", "Disable All Existing Networks", or "Remove All Existing Networks"

Parm Name: SSID

Requires:

MX: 4.2+

Security Mode

This indicates that the network uses 802.1x Extensible Authentication Protocol (EAP) security. These networks use authentication to establish the entitlement of a device to join the network and then distribute necessary keys once this entitlement has been verified. Security information pertaining to the EAP type and authentication credentials to be used will need to be supplied to configure these networks.

Shown if: The Network Action is "Add a New Network"

Parm Name: NetworkAction

Option	Name	Description	Requires
0	Open	An open network indicates that the network uses no security. These kinds of networks are generally not advised to be used for transmitting sensitive data unless other protection mechanisms are used, such as VPNs, data encryption, etc. No additional security information will need to be supplied to configure these networks.	MX: 4.2+
1	Personal	This indicates that the network uses basic security. A Pre-Shared Key (PSK) or Wired Equivalency Privacy (WEP) key, which is known to both the device and the Wi-Fi infrastructure, is used to encrypt data. These networks are more secure than open networks, but may be compromised if the keys are not handled securely and/or are not changed periodically. Security information pertaining to the required key will need to be supplied to configure these networks.	MX: 4.2+
2	Enterprise	This value will remove the a network profile based on the SSID	MX: 4.2+

WPA Mode

When the selected Security Mode is "Personal" or "Enterprise", the WPA Mode must be specified to determine what sort of key will then be used.

Note: WEP is not supported with a Enterprise Security Mode. It is only supported using Personal Security Mode.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise"

Parm Name: WPAMode

Option	Name	Description	Requires
1	WPA	This indicates that the network requires encryption using the Wi-Fi Protected Access (WPA) standard. WPA only performs encryption using the Temporal Key Integrity Protocol. A TKIP-compatible key will therefore need to be specified.	MX: 4.2+
2	WPA2	This indicates that the network requires encryption using the Wi-Fi Protected Access version 2 (WPA2) standard. WPA2 supports encryption using either the Temporal Key Integrity Protocol (TKIP) for backward compatibility with WPA, or the more secure Advanced Encryption Standard (AES) algorithm. A decision about whether to use TKIP or AES (or auto-select) will need to be made and then a TKIP or AES-compatible key will need to be specified.	MX: 4.2+
3	WPA/WPA2	This indicates that the network supports both the Wi-Fi Protected Access (WPA) standard and the Wi-Fi Protected Access version 2 (WPA2) standard. This is essentially the same effect as selecting WPA2 since WPA2 supports backward compatibility with WPA.	MX: 4.2+
4	WEP	This indicates that the network requires encryption using the older, and less secure, Wired Equivalency Privacy (WEP) standard. A decision about the WEP key size to use will need to be made and then a WEP key of the selected size will need to be specified.	MX: 4.2+

Authentication

This is the Authentication Mode used by the network. When a Security Mode of "Enterprise" is selected, an Authentication Mode will need to be specified to determine how authentication will be performed as part of the 802.1x EAP type used by the network.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise"

Parm Name: Authentication

Option	Name	Description	Requires
1	EAP-TLS	This indicates that the network requires authentication using the 802.1x Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) standard (RFC 5216). EAP-TLS requires a device identity to be specified and requires that a client certificate be specified to prove the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.	MX: 4.2+
13	EAP-FAST-GTC	This indicates that the network requires authentication using a token generated using a Generic Token Card (GTC) within an anonymous TLS tunnel established using the 802.1x Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) standard (RFC 5422). EAP-FAST-GTC requires a device identity to be specified and requires that a token value (typically obtained from a physical token device) be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.	MX: 4.2+
11	WPA/WPA2	This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within an anonymous TLS tunnel established using the 802.1x Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) standard (RFC 5422). EAP-FAST-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.	MX: 4.2+
8	EAP-TTLS-PAP	This indicates that the network requires authentication using the Password Authentication Protocol (PAP) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-PAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.	MX: 4.2+
6	EAP-TTLS-MSCHAP	This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol (MSCHAP) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-MSCHAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.	MX: 4.2+
7	EAP-TTLS-MSCHAPV2	This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.	MX: 4.2+
4	LEAP	This indicates that the network requires authentication using the Lightweight Extensible Authentication Protocol (LEAP) defined by Cisco. LEAP uses a modified version of MSCHAP without a secure tunnel and hence can be easily compromised. LEAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. Unlike standard EAP modes, LEAP does not support an optional certificate to help verify the identity of the authentication server.	MX: 4.2+
2	PEAP-MSCHAPV2	This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within a secure TLS tunnel established using the Protected Extensible Authentication Protocol, (PEAP) defined by Cisco Systems, Microsoft, and RSA Security. PEAP-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.	MX: 4.2+
10	PEAP-GTC	This indicates that the network requires authentication using a token generated using a Generic Token Card (GTC) within a secure TLS tunnel established using the Protected Extensible Authentication Protocol, (PEAP) defined by Cisco Systems, Microsoft, and RSA Security. PEAP-GTC requires a device identity to be specified and requires that a token value (typically obtained from a physical token device) be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.	MX: 4.2+
14	PEAP-NONE		MX: 5.0+

Identity

Identity is used only when Authentication is used, which also means that this is only used when the Security Mode is "Enterprise".

This parm is used by the device to specify to the Authentication Server the Identity that it wishes to authenticate as. The Identity is synonymous with "user name" in many cases. However, different Authentication Servers can be configured to require different types of Identity, such as email addresses, device unique ID, etc.

The Identity is used as a way of getting accepted by the Authentication Server so that you can receive the encryption key that is needed to operate on the network. Once you are authenticated, the Identity does not have any further meaning and is not used to identify the device on the network.

Specifying an empty (length of zero) value (or the absence of this parm from the XML) will cause the Identity will not be set.

Shown if: The Network Action is "Add a New Network" and the Authentication is "PEAP-NONE"

Parm Name: Identity

Requires:

MX: 4.2+

Anonymous Identity

Used to specify an Anonymous Identity for systems that support separate authentication outside of a secure tunnel.

When using an EAP type that has a secure tunnel over which authentication credentials can be delivered, it is sometimes necessary to specify an Identity outside the protections of the tunnel. In these cases, an Anonymous Identity can be sent so as not to disclose the actual Identity, password or other verifying credentials. A separate Anonymous Identity can be used only if the Authentication Server is set up to support it.

If no Anonymous Identity is specified, then the actual Identity will be sent outside the tunnel, if required. This may still be secure since the password and/or other verifying credentials are always sent inside the tunnel (in modes that use a tunnel for secure credential delivery). Using the actual Identity outside the tunnel would therefore risk disclosure of only part of the information needed to authenticate.

Parm value input rules:

String with a minimum of 0 characters and a maximum of 64 characters

Note: Specifying an empty (length of zero) value (or the absence of this parm from the XML) will prevent the Anonymous Identity from being set.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: AnonymousIdentity

Requires:

MX: 4.2+

Protect Password

Controls whether the Password will be stored as encrypted or clear text. Since the Password must be embedded within the XML, it is often desirable to encrypt the Password to prevent its extraction and exploitation in case the XML is intercepted.

A Password is used when the Security Mode is set to "Enterprise." All authentication types require a Password except EAP-TLS, which uses a client certificate instead. The Identity and Password combine to form an authentication credential that provides access to a network.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "PEAP-MSCHAPV2" or "LEAP" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: ProtectPassword

Requires:

MX: 4.2+

Password

Used to specify a Password to be used to connect to a network. This parameter name will change according to the value of ProtectPassword:

If ProtectPassword is false:

Parm name: PasswordClear
Settable if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "PEAP-MSCHAPV2" or "LEAP" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE" and Protect Password is false

If Protect Password is true:

Parm name: PasswordEncrypted
Settable if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "PEAP-MSCHAPV2" or "LEAP" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE" and Protect Password is true

Parm value input rules:

String with a minimum of 0 characters and a maximum of 64 characters

Note: The encryption process for this parameter value is currently undocumented, and the key required to encrypt is unpublished. Since there is currently no way to store an encrypted, server-supplied password within an XML file, MDM systems cannot use an encrypted password.

Parm Name: PasswordClear, PasswordEncrypted

Requires:

MX: 4.2+

Server Certificate Name

Optional parameter that allows the name of a certificate alias to be used to verify the server.

Parm value input rules:

String with a minimum of 0 characters and a maximum of 64 characters

Notes:

When Security Mode is "Enterprise," the device will not need to authenticate to an Authentication Server using the defined Authentication type. This will involve sending potentially sensitive authentication credentials to the Authentication Server. Zebra does not recommended this unless the authenticity of the Authentication Server can be verified, for example, ensuring it is not attempting to carry out a "man in the middle" attack.
The device contacts and challenges the Authentication Server to assert and prove its Identity through the use of a server certificate. The device must be able to establish the validity of that certificate and must trust the chain of authority of the issuer of that certificate. This would all occur whether or not a Server Certificate Name is specified.
By default, a certificate asserted by an Authentication Server will be trusted if it can be verified to have been validly issued by any trusted certificate authority. If a Server Certificate Name is supplied, then the certificate asserted by an Authentication Server will be trusted only if it is verified to have been validly issued by that specific trusted certificate authority. This increases the security by preventing the use of certificates issued by authorities that are not trusted to issue certificates to authentication servers.
Specifying an empty (length of zero) value (or the absence of this parm from the XML) will cause the Optional Server Certificate to not be set.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "EAP-TLS" or "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-FAST-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: OptionalServerCertificate

Requires:

MX: 4.2+

Mandatory Client Certificate Name

The name of the certificate alias that should be used to join the network (Mandatory). When Authenticating using EAP-TLS, a client certificate is used instead of a Password. Consequently, when Authentication is EAP-TLS, a client certificate must be specified and a Password must not be specified.

Parm value input rules:

String with a minimum of 0 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "EAP-TLS"

Parm Name: MandatoryClientCertificate

Requires:

MX: 4.2+

Optional Client Certificate Name

Optional parameter that allows the name of a client certificate alias to be used to join a network. When Authenticating with EAP types other than EAP-TLS (which would not require a client certificate) a client is still allowed. If used, the client certificate will be used to authenticate the device to the authentication server as part of the establishment of the secure tunnel over which further authentication credentials will be delivered. This means that the client certificate does not need to be unique, even if the authentication credentials are. The use of a client certificate can introduce an additional level of protection by requiring a device to possess a valid client certificate as well as valid authentication credentials. The client certificate serves as a first-pass filter.

Parm value input rules:

String with a minimum of 0 characters and a maximum of 64 characters

Note: Specifying an empty (length of zero) value (or the absence of this parm from the XML) will prevent an Optional Server Certificate from being set.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" the Authentication is "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: OptionalClientCertificate

Requires:

MX: 4.2+

WPA Encryption Type

Type of encryption used by the network. The values that can be selected for Encryption Type will vary based on the selections made for Security Mode and WPA Mode. But a selection must always be made for Encryption Type whenever Security Mode is not "Open" (indicating no encryption).

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WPA

Parm Name: EncryptionWPA

Option	Name	Description	Requires
0	Default	This value (or the absence of this parm from the XML) will not make any change to the encryption type that is currently used on the device.	MX: 4.2+
1	TKIP	This indicates that the network requires encryption to be performed using the Temporal Key Integrity Protocol (TKIP) standard with a per-packet key length of 128 bits.	MX: 4.2+

WPA2 Encryption Type

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WPA2 or WPA/WPA2

Parm Name: EncryptionWPA2

Option	Name	Description	Requires
0	Default	This value (or the absence of this parm from the XML) will not make any change to the encryption type that is currently used on the device.	MX: 4.2+
1	AES-CCMP	This indicates that the network requires encryption to be performed using the Advanced Encryption Standard - Counter mode Cipher block chaining Message authentication code Protocol (AES-CCMP) standard, wherein the AES block cipher is used with a per-packet key length of 128 bits.	MX: 4.2+
2	TKIP	This indicates that the network requires encryption to be performed using the Temporal Key Integrity Protocol (TKIP) standard with a per-packet key length of 128 bits.	MX: 4.2+
3	AES-CCMP/TKIP	This indicates that the network allows the use of either the AES-CCMP standard or the TKIP encryption standard and the proper encryption type to use can be automatically determined by negotiation with the Wi-Fi infrastructure.	MX: 4.2+

WEP Encryption Type

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WEP

Parm Name: EncryptionWEP

Option	Name	Description	Requires
1	WEP-40	This indicates that the network requires encryption to be performed using the Wireless Equivalency Privacy (WEP) standard with a key size of 40 bits.	MX: 4.2+
2	WEP-104	This indicates that the network requires encryption to be performed using the Wireless Equivalency Privacy (WEP) standard with a key size of 104 bits.	MX: 4.2+

Key Type

Specify the type of encryption key to be used by the network. This key is only specified when the Security Mode is "Personal" since the "Open" Security Mode does not use encryption and the "Enterprise" Security Mode distributes keys automatically following Authentication.

An encryption key can be specified using one of two methods:

A hexadecimal value of the actual key
A passphrase that can be used to generate a key using a pre-defined algorithm

The method that is used usually depends on the configuration of the Wi-Fi infrastructure that implements the network. This is because the key to be used must be known to both the Wi-Fi infrastructure and the client. Therefore, both must use a common method to specify that key.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal"

Parm Name: KeyType

Option	Name	Description	Requires
HexKey	Hex Key	This indicates that the actual key used by the network to perform encryption will be specified.	MX: 4.2+
Passphrase	Passphrase	This indicates that a passphrase will be specified from which the actual key used by the network to perform encryption can be derived.	MX: 4.2+

Protect Key

This enables encryption of the Key.

A Key, or the Passphrase used to generate a Key, is generally considered sensitive information since possession of the key for a network grants access to that network. Since the Key or Passphrase must be embedded within the XML, it is often desirable to encrypt the Key or Passphrase so it cannot be extracted and exploited if the XML is intercepted. The WPA Mode and the Key Type, which were previously specified, will determine what type of Key or Passphrase will need to be used. The value selected for the ProtectKey parm will deterime whether the Key or Passphrase will be specified in clear, unencrypted text or encrypted form.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal"

Parm Name: KeyType

Requires:

MX: 4.2+

Passphrase

Controls whether the Key will be encrypted. When the Key Type is Passphrase, then the specified Passphrase will be used to generate the Key. The required Passphrase will vary depending on the WPA Mode specified (WEP or WPA Passphrase).

Note: Currently, the parm value encryption process is not documented and the key that is needed to encrypt is not published. Therefore, an MDM cannot currently use encrypted Keys or Passphrases since there is no way to store an encrypted, server-supplied password in XML file.

If WEP is selected and Protect Key is false:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is "WEP" and Protect Key is false
Parm name: PassphraseWEPClear
Parm value input rules:
- String with a minimum of 4 characters and a maximum of 32 characters

If WEP is selected and Protect Key is true:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is "WEP" and Protect Key is true
Parm name: PassphraseWEPEncrypted
Parm value input rules:
- String with a minimum of 4 characters and a maximum of 32 characters
Currently, this parm cannot be used effectively by an MDM.

If WEP is not selected and Protect Key is false:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is not "WEP" and Protect Key is false
Parm name: PassphraseWPAClear
Parm value input rules:
- String with a minimum of 8 characters and a maximum of 63 characters

If WEP is not selected and Protect Key is true:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is not "WEP" and Protect Key is true
Parm name: PassphraseWPAEncrypted
Parm value input rules:
- String with a minimum of 8 characters and a maximum of 63 characters
Currently, this parm cannot be used effectively by an MDM.

Parm Name: PassphraseWEPClear, PassphraseWEPEncrypted, PassphraseWPAClear, PassphraseWPAEncrypted

Requires:

MX: 4.2+

Hex Key

When Key Type is Hex Key, then a Key, which is expressed as a sequence of hexadecimal characters, needs to be specified. The type of Key required will vary based on the WPA Mode and Encryption Type specified, since it will need to be either a WEP 40 bit Key, a WEP 104 bit Key, or a 256 bit TKIP/AES-CCMP Key.

Note: Currently, the parm value encryption process is not documented and the key that is needed to encrypt is not published. Therefore, an MDM cannot currently use encrypted Keys or Passphrases since there is no way to store an encrypted, server-supplied password in an XML.

If WEP is not selected and Protect Key is false:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is not "WEP" and Protect Key is false
Parm name: HexKeyClear
Description: Provide the hex key (64 hex chars) used by network
Parm value input rules:
- String with exactly 64 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 256 bit binary key value that can be used for either TKIP or AES-CCMP encryption.

If WEP is not selected and Protect Key is true:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is not "WEP" and Protect Key is true
Parm name: HexKeyEncrypted
Description: Provide the hex key (64 hex chars) used by network
Parm value input rules:
- String with exactly 64 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 256 bit binary key value that can be used for either TKIP or AES-CCMP encryption.
Currently, this parm cannot be used effectively by an MDM.

If WEP is selected, the encryption type is WEP-40, and Protect Key is false:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-40" and Protect Key is false
Parm name: HexKeyWep40Clear
Description: Provide the shared secret WEP-40 key (10 hex chars) used by the network
Parm value input rules:
- String with exactly 10 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 40 bit binary key value that can be used for either WEP encryption.

If WEP is selected, the encryption type is WEP-40, and Protect Key is true:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-40" and Protect Key is true
Parm name: HexKeyWep40Encrypted
Description: Provide the shared secret WEP-40 key (10 hex chars) used by the network
Parm value input rules:
- String with exactly 10 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 40 bit binary key value that can be used for either WEP encryption.
Currently, this parm cannot be used effectively by an MDM.

If WEP is selected, the encryption type is WEP-104, and Protect Key is false:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-104" and Protect Key is false
Parm name: HexKeyWep104Clear
Description: Provide the shared secret WEP-104 key (26 hex chars) used by the network
Parm value input rules:
- String with exactly 26 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 104 bit binary key value that can be used for either WEP encryption.

If WEP is selected, the encryption type is WEP-104, and Protect Key is true:

Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-104" and Protect Key is true
Parm name: HexKeyWep104Encrypted
Description: Provide the shared secret WEP-104 key (26 hex chars) used by the network
Parm value input rules:
- String with exactly 26 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 104 bit binary key value that can be used for either WEP encryption.
Currently, this parm cannot be used effectively by an MDM.

Parm Name: HexKeyWEPClear, HexKeyWEPEncrypted, HexKeyWPAClear, HexKeyWPAEncrypted

Requires:

MX: 4.2+

WEP Key Index

Some Wi-Fi infrastructure that implements a network using WEP encryption may support multiple WEP keys and a WEP index to indicate which key to use at any given time.

Note: Android does not currently support multiple WEP keys per network. Therefore, only the first WEP key (wep[0]) is supported.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the WPA Mode is "WEP"

Parm Name: WepKeyIndex

Option	Name	Requires
1	wep[0]	MX: +
2	wep[1]	MX: +
3	wep[2]	MX: +
4	wep[3]	MX: +

Use DHCP

When this parm is selected, DHCP will be used. When not selected, Static IP address is used.

Most modern networks use DHCP to automatically assign IP Addresses to devices when they join the network. If DHCP is used, then all requisite IP Address information will be obtained automatically and no additional information will need to be provided.

If DHCP cannot be used for a particular network, then all IP Address information that is needed to operate on that network will need to be specified. None of the following IP Address information parms can be left blank, but they may not all require meaningful values, depending on the network.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the WPA Mode is "WEP"

Parm Name: UseDHCP

Requires:

MX: 4.2+

Static IP Address

Provide the static IP address to be assigned to the device on this network.

When not using DHCP, a valid IP Address for the device to use on the network must be specified and that IP Address must not be assigned to any other device on the same network.

Parm value input rules:

Must be a valid IPV4 address, example: 191.168.0.1

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpAddress

Requires:

MX: 4.2+

Gateway 1 IP Address

Provide the IP address of the first gateway to the network.

When not using DHCP, a valid Gateway IP Address may or may not be required. If there is a Gateway that can route traffic out of the current network, then the IP Address of that Gateway should be specified if the device will need to send traffic outside that network. If the network is essentially self-contained, then it may not be important what value is specified for this parm.

Parm value input rules:

Must be a valid IPV4 address, example: 191.168.0.1

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpGateway1

Requires:

MX: 4.2+

Subnet Mask

Provide the subnet mask to be used on the network.

When not using DHCP, a subnet mask must be specified that is consistent with the network and is consistent with the IP Address assigned to the device for use on that network.

Parm value input rules:

Must be a valid IPV4 subnet mask, example: 255.255.255.0

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpMask

Requires:

MX: 4.2+

DNS Server 1 IP Address

Provide the IP address of the DNS server.

When not using DHCP, a valid DNS Server IP Address may or may not be required. If there is a DNS Server that can resolve network names to IP Addresses on the current network, then the IP Address of that server should be specified if the device will need to resolve names for that network. If name resolution is not required, then it may not be important what value is specified for this parm.

Parm value input rules IpDns1:

Must be a valid IPV4 address, example: 191.168.0.1

Parm value input rules IpDns2:

Must be a valid IPV4 address, example: 191.168.0.1
If no alternate DNS Server is available or required, then it may not be important what value is specified for this parm.
Specifying an empty (length of zero) value (or the absence of this parm from the XML) will cause the DNS Server 2 IP Address to not be set.

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpDns1, IpDns2

Requires:

MX: 4.2+

Use Proxy

When selected, a Proxy is used for network connections. You can either manually configure the proxy settings or select the location of a PAC file for automatic configuration. A proxy is a an intermediary service that routes HTTP requests and responses between clients on a device and another network (typically the internet or an intranet). When there is a proxy between the Wi-Fi network and some outer network, then HTTP-based applications, such as a Web Browser, may need to negotiate with that proxy to access the services of that outer network.

Note: In MX 5.0, the parm data type changed from a Boolean to a value selected from the UseProxy list. Please check the list above.

Parm Name: UseProxy

Option	Name	Description	Requires
0	None	Since MX 5.0 the use of a code over a boolean value was implemented. This value was unaffected.	MX: 5.0+
1	Manual	Since MX 5.0 the use of a code over a boolean was implemented. This value indicates a Manual Proxy.	MX: 5.0+
3	Proxy Auto-Config	Automatically use a proxy. This value was instroduced in MX 5.0.	MX: 5.0+

Proxy Host Name

Provide the Host Name or IP Address of the computer on which the proxy is running. Host Name can be used only if the network provides suitable name resolution. Otherwise, an IP Address would need to be provided.

Since different Wi-Fi networks may have different proxies connecting them to different outer networks, proxy information, if needed, must be configured for each network.

Parm value input rules:

String with a minimum of 1 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: ProxyHostName

Requires:

MX: 4.2+

Proxy Port

Provide the port number of the proxy server on the computer on which the proxy is running on which the proxy is listening.

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: ProxyPort

Requires:

MX: 4.2+

Proxy Bypass

Once a proxy is configured for a given network, all HTTP traffic will generally be routed to the outer network via that proxy.

In some cases, it may be desirable to avoid routing selected Host Names or IP Addresses through the proxy. For example, you might want to access a local Web Server. This can be accomplished by listing the Host Names or IP Addresses for which the Proxy should be bypassed. To specify multiple Host Names or IP Addresses, separate them with commas.

Parm value input rules:

String with a maximum of 256 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: BypassProxy

Requires:

MX: 4.2+

PAC File Url

Provide the Host Name or IP Address of the location of where the proxy PAC file is located. This can be used only if the network provides suitable name resolution. Otherwise, an IP Address would need to be provided.

Since different Wi-Fi networks may have different proxies connecting them to different outer networks, proxy information, if needed, must be configured for each network.

Parm value input rules:

String with a minimum of 1 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to Proxy Auto-Config.

Parm Name: PROXYPAC

Requires:

MX: 5.0+

Advanced Options

Use of Wi-Fi Advanced Options requires the following:

PMKID must be turned on to enable PreAuth (PreAuth =1 and PMKID =1)
FT must be turned on to enable FTRIC (FT=1 and FTRIC =1)
OKC must be turned off (OKC =0 and PMKID =1) to use PMKID caching

WARNING: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Auto Time Config

Used to enable/disable AutoTimeConfig feature, a Zebra-specific feature that updates the device timestamp based on Zebra IE in the 802.11 beacon. Not supported on TC70 QC GA1/GA2 running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: AutoTimeConfig

Requires:

MX: 4.2+

HFSR

Used to enable/disable Hyper Fast Secure Roam (HFSR), Zebra's fast roam algorithm. Not supported on TC70 QC GA1/GA2, TC75 GA and TC55 GA devices running Android KitKat.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: HFSR

Requires:

MX: 4.2+

Aggregated Fast Transition

Controls the Fast Transition roam algorithm (802.11r), which improves on IEEE 802.11r Over-the-DS fast roaming. When used in conjunction with Zebra wireless LAN infrastructure, the device will achieve more reliable and consistent fast roaming. Enabled by default.

Not supported on TC70 QC GA1 devices running Android KitKat.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FT

Requires:

MX: 4.2+

CKM

Used to enable/disable the CCX roam algorithm (CCKM).

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: CCKM

Requires:

MX: 4.2+

FTRIC

Used to enables/disable the Fast Transition Resource Request (802.11r). Not supported on TC70 QC GA1/GA2, TC75 GA or TC55 GA devices running Android KitKat.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FTRIC

Requires:

MX: 4.2+

OKC

Used to enable/disable Opportunistic Key Caching (OKC).

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: OKC

Requires:

MX: 4.2+

PMKID

Used to enable/disable PMKID Caching. If PMKID is enabled, OKC must be disabled for PMKID caching to operate.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PMKID

Requires:

MX: 4.2+

Power Save Mode

Used to configure the WLAN radio Power Save Mode from the settings table below. The default "Fast Power Save" value must be used for the "Power Save" parameter; the "Do not change" value will result in failure.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PowerSave

Option	Name	Requires
0	Do not change	MX: 4.2+
1	Always Active	MX: 4.2+
2	Fast Power Save (Deprecated)	MX: 4.2+
3	Max Power Save (Deprecated)	MX: 4.2+
4	WMM-PS	MX: 4.4+
5	Null Data Power Save	MX: 4.4+
6	PS-POLL	MX: 4.4+

PreAuth

Used to enable/disable 802.1x Pre-Authentication. Not supported on TC70 QC GA1/GA2 or TC75 GA devices running Android KitKat.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PreAuth

Requires:

MX: 4.2+

WLAN Power Save Mode

This option is to configure different WLAN Power Save Modes of Radio.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: WLANPowerSave

Option	Name	Requires
0	WMM-PS	MX: 4.3+
1	Null Data Power Save	MX: 4.3+
2	PS-POLL	MX: 4.3+
3	Do not change	MX: 4.3+

Advanced Logging

Start or Stop advanced Wi-Fi logging.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: AdvancedLogging

Requires:

MX: 4.2+

FIPS

Used to enable/disable FIPS data in motion supported in WLAN. WLAN FIPS 140-2, level 1 compliance. Not supported on TC70 QC GA1/GA2, TC75 GA or TC55 GA devices running Android KitKat.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FIPS

Requires:

MX: 4.2+

Enable Restricted Settings UI

Used to enable/disable read-only mode for Wi-Fi settings according to the values in the table below. Not supported on TC70 QC GA1/GA2 running Android KitKat.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PowerSave

Option	Name	Requires
0	Do not change	MX: +
1	Disable Restricted WLAN Settings UI	MX: +
2	Enable Restricted WLAN Settings UI	MX: +

Radio Resource Management (802.11k)

Used to enable/disable Radio Resource Management, which measures transmit power, data rates and other wireless characteristics in an effort to optimize communication efficiency. Not supported on TC70 QC GA1/GA2 running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: 802.11K

Requires:

MX: 4.3+

Management Frame Protection Mode (802.11w)

Used to specify the Management Frame Protection Mode from the values in the table below. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: 802.11w

Option	Name	Requires
0	No MFP	MX: 4.3+
1	Capable	MX: 4.3+
2	Mandatory	MX: 4.3+
3	Do not change	MX: 4.3+

Select Band Preference

Used to specify the preferred Wi-Fi band. Not supported on MPA3 RevB-based devices running Android Jelly Bean.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: BandPreference

Option	Name	Requires
0	No Preference	MX: 4.3+
1	Prefer 2.4GHz	MX: 4.3+
2	Prefer 5.0GHz	MX: 4.3+
3	Do not change	MX: 4.3+

FT Over The DS

Used to enable/disable Fast Transition over the Distribution System (FTOverTheDS). Enabled by default. Also known as 802.11r Over-the-DS, this fast roam standard reduces the number frames exchanged when the device roams from one AP to another if the infrastructure supports it. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FTOverTheDS

Requires:

MX: 4.3+

ScanAssist

Used to enable/disable ScanAssist. This feature improves roaming on Zebra devices by allowing the device to monitor neighboring access points to retrieve roam-related information from the Zebra wireless LAN infrastructure without doing scans. Enabled by default.

Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: ScanAssist

Requires:

MX: 4.3+

AggregatedFT

Used to enable/disable the AggregatedFT feature. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: AggregatedFT

Requires:

MX: 4.3+

Coverage Hole Detection

Used to enable/disable Coverage Hole Detection, which reports gaps in signal coverage to the Zebra wireless LAN infrastructure. Enabled by default. Network administrators can detect and mitigate coverage gaps present in the network for greater reliability. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: CHD

Requires:

MX: 4.3+

Subnet Roam

Specify whether to enable subnet roaming. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: SubNetRoam

Requires:

MX: 4.4+

WAN Country

Used to enable/disable WAN Country, which obtains country information from the WAN Interface (GSM/CDMA base station) and applies regulatory rules based on the Country Code received. Supported only on WAN based devices. Not supported on TC70 QC GA1/GA2 running Android KitKat, or MPA3 RevB- or RevC-based devices running Android Jelly Bean.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: WANCountry

Requires:

MX: 4.3+

Examples

Managing Certificates Related to Wi-Fi Networks

Initialize the Android KeyStore

Note: This must be done for a new device before you can install certificates.

Without a password:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="4"/>
    </characteristic>
</wap-provisioningdoc>

With a password:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="4"/>
        <characteristic type="keystore-details">
            <parm name="KeystorePassword" value="password"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Remove a Certificate:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="2"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName1"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Install a CA certificate (.PEM file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="5"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileCA" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Install a client certificate (.PEM file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="6"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Install a client certificate and private key (.PFX file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="8"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Install a client certificate and private key (.P12 file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="9"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Install a client certificate and private key (.PKCS12 file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="9"/>
            <parm name="CertMethod" value="10"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Country Selection

Selecting a Country:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="1"/>
        <characteristic type="Regulatory">
            <parm name="Country" value="US"/>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>

Using the Auto Option:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="1"/>
        <characteristic type="Regulatory">
            <parm name="Country" value="AUTO"/>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>

Band Selection

Set 2.4 GHz:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="2.4GHz"/>
            <characteristic type="ChannelSelection">
                <parm name="2.4GHzChannels" value="1"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>

Set 5.0 GHz:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="5.0GHz"/>
            <characteristic type="ChannelSelection">
                <parm name="5.0GHzChannels" value="36"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>

Set Auto (both 2.4 and 5.0 GHz):


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="Auto"/>
            <characteristic type="ChannelSelection">
                <parm name="2.4GHzChannels" value="1"/>
                <parm name="5.0GHzChannels" value="36"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>

Add Wi-Fi Network

Adding an Open Network:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="0"/>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Adding a Personal Network with WPA:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="1"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Adding a Personal Network with WPA and TKIP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="1"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWPA" value="1"/>
                </characteristic>
            </characteristic>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Adding a Personal Network with WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="2"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Adding a Personal Network with WPA/WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="3"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Adding a Personal Network with WEP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="4"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWEP" value="1"/>
                </characteristic>
            </characteristic>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWEPClear" value="KsdU6X3u"/>
                <parm name="WepKeyIndex" value="1"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Adding an Enterprise Network with WPA:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="1"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Adding an Enterprise Network with WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="2"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Adding an Enterprise Network with WPA/WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="3"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

Adding an Enterprise Network with WEP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="4"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWEP" value="1"/>
                </characteristic>
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>