Wifi Manager

EMDK For Xamarin - 2.1

Overview

The Wi-Fi Manager administers a device's Wi-Fi settings and network profiles for remembering and connecting to networks.

Note: The terms "enable" and "disable" in this CSP are equivalent to "turn on" and "turn off." Those terms in other CSPs refer to the feature's Usage setting, which is the ability of the device user to access the feature at all.

Main Functionality

  • Enable Wi-Fi
  • Disable Wi-Fi
  • Set Wi-Fi to Never Sleep
  • Set Wi-Fi to Never Sleep When Plugged In
  • Set Wi-Fi to Always Sleep
  • Use Network Notifications
  • Do Not Use Network Notifications
  • Enable Auto Country Selection
  • Manually Select country
  • Set the RF Band
  • Enable Auto RF Band Selection
  • Enable Fusion Advanced Logging
  • Enable the Device to set the Clock off the AP (Access Point) Time
  • Enable HF SR (Hyper Fast Secure Roam)
  • Disable HF SR (Hyper Fast Secure Roam)
  • Enable CCKM (Cisco Centralized Key Management)
  • Disable CCKM (Cisco Centralized Key Management)
  • Enable FT (Fast Transition)
  • Disable FT (Fast Transition)
  • Enable FTRIC (Fast Transition Resource Request)
  • Disable FTRIC (Fast Transition Resource Request)
  • Enable OKC (Opportunistic Key Caching)
  • Disable OKC (Opportunistic Key Caching)
  • Enable PMKID Caching
  • Disable PMKID Caching
  • Enable PreAuth
  • Disable PreAuth
  • Set Power Savings Mode to Always Active
  • Set Power Savings Mode to WMM-PS
  • Set Power Savings Mode to Null Data Power Save
  • Set Power Savings Mode to PS-POLL
  • Enable Advanced Logging
  • Disable Advanced Logging
  • Enable FIPS Compliance
  • Disable FIPS Compliance
  • Enable Restricted WLAN Settings UI
  • Disable Restricted WLAN Settings UI
  • Enable Radio Resource Measurement(802.?11K)
  • Disable Radio Resource Measurement(802.?11K)
  • Enable Management Frame Protection Mode(802.?11w)
  • Disable Management Frame Protection Mode(802.?11w)
  • Set the band preference
  • Enable FTOverTheDS
  • Disable FTOverTheDS
  • Enable AggregatedFT
  • Disable AggregatedFT
  • Enable ScanAssist
  • Disable ScanAssist
  • Enable Coverage Hole Detection
  • Disable Coverage Hole Detection
  • Enable Sub-Net Roam
  • Disable Sub-Net Roam
  • Enable WANCountry
  • Disable WANCountry
  • Add a Wi-Fi Network
  • Remove a Wi-Fi Network
  • Connect to a Wi-Fi Network
  • Disconnect from a Wi-Fi Network
  • Enable an Existing Wi-Fi Network
  • Disable an Existing Wi-Fi Network
  • Disable all Existing Wi-Fi Networks
  • Remove all Existing Wi-Fi Networks

Target OS

Specify the target OS of the device.

Parm Name: TargetOS

Option Name Description Requires
2 Android

MX: 4.2+

Wi-Fi Enable

Turn the Wi-Fi radio on or off.

Note: In order for settings to be applied, Wi-Fi must be turned on. If you do not specify WiFi Enable in the profile, you will get an error when attempting to apply certain settings if the device's Wi-Fi is not already turned on. For example, all of the Network Actions, which are described later in this document, will require that Wi-Fi is turned on. However, other settings, such as Sleep Policy and Network Notification, do not require Wi-Fi to be turned on.

As a best practice, it is recommended that this is turned on whenever setting another Wi-Fi parm that requires to be on, as it is not harmful to enable the Wi-Fi again if it is already on.

Note: In other CSPs, the terms "enable" and "disable" refer to whether or not the user will be allowed to turn the device on or off at all. However, in this CSP, "enable" and "disable" are equivalent to "turn on" and "turn off".

Parm Name: WiFiAction

Option Name Description Requires
0 Do not change This value (or the absence of this parm from the XML) will not make any change to the whether the Wi-Fi radio is on or off.

MX: 4.2+

enable Enable This value will cause the Wi-Fi radio to be turned on.

MX: 4.2+

disable Disable This value will cause the Wi-Fi radio to be turned off.

MX: 4.2+

Sleep Policy

Specifies the state of the Wi-Fi radio when the device suspends.

For Android devices, the device is suspended when the display turns off after idling for a certain amount of time. While the device is suspended, the device's software continues running in a lower power mode, meaning that the device itself is not turned off and software can run when the device is in this state. The amount of power consumption while in this state partially depends on what features are left on.

Parm Name: WifiSleepPolicy

Option Name Description Requires
Do not change This value (or the absence of this parm from the XML) will not make any change to the current sleep policy on the device.

MX: 4.2+

Never Sleep Never Sleep This value will leave the Wi-Fi radio on while the device's display is turned off and Wi-Fi can continue to be used by any software that is running. Existing Wi-Fi connections will be maintained as if the device was not suspended. For example, emails will continue to come in. This behavior may be preferred in some situations. However, this could significantly increase the drain on the battery and reduce the battery life.

MX: 4.2+

PluggedIn Never Sleep When Plugged This value will leave the Wi-Fi radio on while the display is turned off if the device is not running from battery power.

MX: 4.2+

NeverOn Always Sleep This value turns the Wi-Fi radio off while the device's display is turned off. Existing Wi-Fi connections will be dropped and will need to be re-established, if needed, when the display (and Wi-Fi) are turned back on. Software that is running cannot use Wi-Fi while it is off. This can significantly increase the battery life if communications are not needed when the device is suspended.

MX: 4.2+

Country Selection Auto/Manual

By leaving this option unchecked, the country may be determined by the router or access point setting. To manually select the country, you should select the checkbox. When doing this a country drop-down will appear.

Parm Name: UseRegulatory

Option Name Description Requires
true true Manually select the country.

MX: 4.2+

false false Country determined by the router.

MX: 4.2+

Network Notification

Specifies whether or not to notify the user when an unknown, open network comes in range. If this setting is turned on, the user will be asked if they want to join the network, which could be useful for personal or dual use devices which might want to use a public Wi-Fi connection at some point. However, turning these notifications on is not recommended for devices that are supposed to be used only on a single corporate Wi-Fi network since it might be harmful to offer a user the opportunity to connect to a rogue, non-secure network.

Parm Name: NetworkNotification

Option Name Description Requires
Do not change This value (or the absence of this parm from the XML) will not make any change to the current network notification setting.

MX: 4.2+

true Use network notification This value will cause the user to be notified when an unknown, open network comes into range.

MX: 4.2+

false Do not use network notification This value will cause the user to not be notified when an unknown, open network comes into range.

MX: 4.2+

Country

Sets the country to use for Wi-Fi regulatory setting.

When you choose 'AUTO' in the drop-down, 802.11d will be enabled. 802.11d is a mode where the device will listen for a country-specific beacon. It also will not transmit unless it can auto-detect the country, which can be beneficial because the device cannot transmit with a frequency that is inconsistent with the Wi-Fi infrastructure and is therefore less likely to violate country-specific regulations.

If a Wi-Fi infrastructure does not support, 802.11d, then the country that is used by this infrastructure will need to be selected so that the device can connect to it.

Shown if: The "Configure Country (Auto/Manual)" box is not checked

Parm Name: Country

Option Name Description Requires
AUTO AUTO (Use 802.11d)

MX: 4.2+

DZ Algeria

MX: 4.2+

AI Anguilla

MX: 4.2+

AR Argentina

MX: 4.2+

AU Australia

MX: 4.2+

AT Austria

MX: 4.2+

BS Bahamas

MX: 4.2+

BH Bahrain

MX: 4.2+

BB Barbados

MX: 4.2+

BY Belarus

MX: 4.2+

BE Belgium

MX: 4.2+

BM Bermuda

MX: 4.2+

BO Bolivia

MX: 4.2+

BQ Bonaire

MX: 4.2+

BA Bosnia and Herzegovina

MX: 4.2+

BR Brazil

MX: 4.2+

BG Bulgaria

MX: 4.2+

CA Canada

MX: 4.2+

KY Cayman Islands

MX: 4.2+

CL Chile

MX: 4.2+

CN China

MX: 4.2+

CX Christmas Island

MX: 4.2+

CO Columbia

MX: 4.2+

CR Costa Rica

MX: 4.2+

HR Croatia

MX: 4.2+

CW Curacao

MX: 4.2+

CY Cyprus

MX: 4.2+

CZ Czech Republic

MX: 4.2+

DK Denmark

MX: 4.2+

DO Dominican Republic

MX: 4.2+

EC Ecuador

MX: 4.2+

EG Egypt

MX: 4.2+

SV El Salvador

MX: 4.2+

EE Estonia

MX: 4.2+

FK Falkland Islands(Malvinas)

MX: 4.2+

FI Finland

MX: 4.2+

FR France

MX: 4.2+

GF French Guiana

MX: 4.2+

DE Germany

MX: 4.2+

GR Greece

MX: 4.2+

GP Guadelope

MX: 4.2+

GU Guam

MX: 4.2+

GT Guatemala

MX: 4.2+

GY Guyana

MX: 4.2+

HT Haiti

MX: 4.2+

HN Honduras

MX: 4.2+

HK Hong Kong

MX: 4.2+

HU Hungary

MX: 4.2+

IS Iceland

MX: 4.2+

IN India

MX: 4.2+

ID Indonesia

MX: 4.2+

IE Ireland

MX: 4.2+

IL Israel

MX: 4.2+

IT Italy

MX: 4.2+

JM Jamaica

MX: 4.2+

JP Japan

MX: 4.2+

JO Jordan

MX: 4.2+

KZ Kazakhstan

MX: 4.2+

KE Kenya

MX: 4.2+

KR Korea Republic

MX: 4.2+

KW Kuwait

MX: 4.2+

LV Latvia

MX: 4.2+

LB Lebanon

MX: 4.2+

LI Liechtenstein

MX: 4.2+

LT Lithuania

MX: 4.2+

LU Luxembourg

MX: 4.2+

MK Macedonia, Former Yugoslav Republic

MX: 4.2+

MY Malaysia

MX: 4.2+

MT Malta

MX: 4.2+

MQ Martinique

MX: 4.2+

MX Mexico

MX: 4.2+

ME Montenegro

MX: 4.2+

MA Morocco

MX: 4.2+

AN Netherlands, Antilles

MX: 4.2+

NL Netherlands

MX: 4.2+

NZ New Zealand

MX: 4.2+

NI Nicaragua

MX: 4.2+

NG Nigeria

MX: 4.2+

NU Niue

MX: 4.2+

NF Norfolk Islands

MX: 4.2+

MP Northern Marina Islands

MX: 4.2+

NO Norway

MX: 4.2+

OM Oman

MX: 4.2+

PK Pakistan

MX: 4.2+

PA Panama

MX: 4.2+

PY Paraguay

MX: 4.2+

PE Peru

MX: 4.2+

PH Philippines

MX: 4.2+

PL Poland

MX: 4.2+

PT Portugal

MX: 4.2+

PR Puerto Rico

MX: 4.2+

QA Qatar

MX: 4.2+

RO Romania

MX: 4.2+

RU Russian Federation

MX: 4.2+

SX St. Maarten

MX: 4.2+

SA Saudi Arabia

MX: 4.2+

RS Serbia

MX: 4.2+

SG Singapore

MX: 4.2+

SK Slovakia

MX: 4.2+

SI Slovenia

MX: 4.2+

ZA South Africa

MX: 4.2+

ES Spain

MX: 4.2+

LK Sri Lanka

MX: 4.2+

SE Sweden

MX: 4.2+

CH Switzerland

MX: 4.2+

TW Taiwan, Province of China

MX: 4.2+

TH Thailand

MX: 4.2+

TT Trinidad and Tobago

MX: 4.2+

TN Tunisia

MX: 4.2+

TR Turkey

MX: 4.2+

UA Ukraine

MX: 4.2+

AE United Arab Emirates

MX: 4.2+

GB United Kingdom

MX: 4.2+

US U.S.A.

MX: 4.2+

UY Uruguay

MX: 4.2+

VE Venezuela

MX: 4.2+

VN Vietnam

MX: 4.2+

VG Virgin Islands(British)

MX: 4.2+

VI Virgin Islands(US)

MX: 4.2+

RF Band

Specifies the 802.11 band(s) to use. The bands to use will usually be determined automatically through negotiation with the Wi-Fi infrastructure. However, in some cases, the Wi-Fi infrastructure may be shared amongst multiple uses, which may mean that it would be preferable to limit the devices to one band and leave the other bands for other purposes.

Parm Name: BandSelection

Option Name Description Requires
Unchanged This value (or the absence of this parm from the XML) will not make any change to the current selected band on the device.

MX: 4.2+

2.4GHZ 2.4GHZ TThis value will enable 2.4GHz band.

MX: 4.2+

5.0GHZ 5.0GHZ This value will enable 5.0GHz band.

MX: 4.2+

Auto Auto This value will enable both bands and connect automatically to either.

MX: 4.2+

2.4GHz Channels

Enable the specified channels in the 2.4GHz band. In most cases, if the 2.4GHZ band is allowed to be used, then the channels in this band that should be used can be determined automatically through negotiation with the Wi-Fi infrastructure. However, it may be beneficial to control the channels manually because different channels or sets of channels might be used for different uses. It may be preferable to limit the devices to only use certain channels so that other channels are left for other purposes.

Parm value input rules:

  • String containing a set of valid channels.
    • Not all channels are available in all every country. Please see the link below for more information:
      • https://en.wikipedia.org/wiki/List_of_WLAN_channels
  • The minimum length is 0 characters and the maximum length is 64 characters.
  • Comma separated and may contain a range specified with a dash '-'. Example: 1,7-10

Shown if: The RF Band that is selected is either 2.4GHz or Auto

Parm Name: 2.4GHzChannels

Requires:

  • MX: 4.2+

5.0GHz Channels

Enable the specified channels in the 5.0GHz band. In most cases, if the 5.0GHZ band is allowed to be used, then the channels in this band that should be used can be determined automatically through negotiation with the Wi-Fi infrastructure. However, it may be beneficial to control the channels manually because different channels or sets of channels might be used for different uses. It may be preferable to limit the devices to only use certain channels so that other channels are left for other purposes.

Parm value input rules:

  • String containing a set of valid channels.
    • Not all channels are available in all every country. Please see the link below for more information:
      • https://en.wikipedia.org/wiki/List_of_WLAN_channels
  • The minimum length is 0 characters and the maximum length is 64 characters.
  • Comma separated and may contain a range specified with a dash '-'. Example: 36-60

Shown if: The RF Band that is selected is either 5.0GHz or Auto

Parm Name: 5.0GHzChannels

Requires:

  • MX: 4.2+

Specify Diagnostic Options

Specify whether Diagnostic Options will be used. When turned on, Fusion Advanced Logging can also be turned on. This option can be used to collect additional information for troubleshooting but can impact the performance of a device.

Note: In most cases, this option should not be used except under the direction of Zebra support staff.

Parm Name: UseDiagnosticOptions

Option Name Description Requires
true true

MX: 4.4+

false false

MX: 4.4+

Fusion Advanced Logging

Specify whether Fusion Advanced Logging will be used

Shown if: The "Specify Diagnostic Options" box is checked

Parm Name: FusionAdvancedLogging

Option Name Description Requires
true true

MX: 4.4+

false false

MX: 4.4+

Specify Advanced Options

Specify whether Advanced Options will be used. In most cases, these options should not be used except under the direction of Zebra support staff.

Parm Name: UseAdvancedOptions

Option Name Description Requires
true true

MX: 4.2+

false false

MX: 4.2+

Network Action

This is used to manage the Wi-Fi network profiles on the device. A given device can have zero or more Wi-Fi network profiles defined, which are used to specify the information that is needed for the device to connect to a single Wi-Fi network. These profiles can each be enabled or disabled. An enabled Wi-Fi network profile can be used to connect to a network and a disabled profile cannot be used to connect to a network. At any given time, the device can be connected to at most one network using a corresponding Wi-Fi network profile. The potential network connections are controlled by which profiles are defined and enabled on the device. It is also possible to force a connection to the network associated with a specific Wi-Fi network profile.

Parm Name: NetworkAction

Option Name Description Requires
Do nothing This value (or the absence of this parm from the XML) will not cause any Network Actions to be performed.

MX: 4.2+

add Add a New Network This value will add a new profile with the provided profile settings. For the options that will be presented when choosing to add a new network, please see the following "SSID" parm and the "Add a New Network Options" section below

MX: 4.2+

Remove Remove an Existing Network This value will remove the a network profile based on the SSID

MX: 4.2+

Connect Connect to an Existing Network This value will initiate a connection to the network based on the SSID

MX: 4.2+

Disconnect Disconnect from an Existing Network This value will disconnect from a network based on the SSID

MX: 4.2+

Enable Enable an Existing Network This value will enable a network profile based on the SSID

MX: 4.2+

Disable Disable an Existing Network This value will disable a network profile based on the SSID

MX: 4.2+

DisableAll Disable All Existing Networks This value will disable all network profiles

MX: 4.2+

RemoveAll Remove All Existing Networks This value will remove all network profiles

MX: 4.2+

SSID

This is the SSID name of the network, which is the primary mechanism used to identify a Wi-Fi network and is used to identify the Wi-Fi network profile to be acted on. Therefore, any Network Action that is used to affect a single profile need to specify the SSID to select the desired profile.

Parm value input rules:

  • String with a minimum size of 1 character and a maximum size of 32 characters

Shown if: The Network Action is any option other than "Do Nothing", "Disable All Existing Networks", or "Remove All Existing Networks"

Parm Name: SSID

Requires:

  • MX: 4.2+

Security Mode

This indicates that the network uses 802.1x Extensible Authentication Protocol (EAP) security. These networks use authentication to establish the entitlement of a device to join the network and then distribute necessary keys once this entitlement has been verified. Security information pertaining to the EAP type and authentication credentials to be used will need to be supplied to configure these networks.

Shown if: The Network Action is "Add a New Network"

Parm Name: NetworkAction

Option Name Description Requires
0 Open An open network indicates that the network uses no security. These kinds of networks are generally not advised to be used for transmitting sensitive data unless other protection mechanisms are used, such as VPNs, data encryption, etc. No additional security information will need to be supplied to configure these networks.

MX: 4.2+

1 Personal This indicates that the network uses basic security. A Pre-Shared Key (PSK) or Wired Equivalency Privacy (WEP) key, which is known to both the device and the Wi-Fi infrastructure, is used to encrypt data. These networks are more secure than open networks, but may be compromised if the keys are not handled securely and/or are not changed periodically. Security information pertaining to the required key will need to be supplied to configure these networks.

MX: 4.2+

2 Enterprise This value will remove the a network profile based on the SSID

MX: 4.2+

WPA Mode

When the selected Security Mode is "Personal" or "Enterprise", the WPA Mode must be specified to determine what sort of key will then be used.

Note: WEP is not supported with a Enterprise Security Mode. It is only supported using Personal Security Mode.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise"

Parm Name: WPAMode

Option Name Description Requires
1 WPA This indicates that the network requires encryption using the Wi-Fi Protected Access (WPA) standard. WPA only performs encryption using the Temporal Key Integrity Protocol. A TKIP-compatible key will therefore need to be specified.

MX: 4.2+

2 WPA2 This indicates that the network requires encryption using the Wi-Fi Protected Access version 2 (WPA2) standard. WPA2 supports encryption using either the Temporal Key Integrity Protocol (TKIP) for backward compatibility with WPA, or the more secure Advanced Encryption Standard (AES) algorithm. A decision about whether to use TKIP or AES (or auto-select) will need to be made and then a TKIP or AES-compatible key will need to be specified.

MX: 4.2+

3 WPA/WPA2 This indicates that the network supports both the Wi-Fi Protected Access (WPA) standard and the Wi-Fi Protected Access version 2 (WPA2) standard. This is essentially the same effect as selecting WPA2 since WPA2 supports backward compatibility with WPA.

MX: 4.2+

4 WEP This indicates that the network requires encryption using the older, and less secure, Wired Equivalency Privacy (WEP) standard. A decision about the WEP key size to use will need to be made and then a WEP key of the selected size will need to be specified.

MX: 4.2+

Authentication

This is the Authentication Mode used by the network. When a Security Mode of "Enterprise" is selected, an Authentication Mode will need to be specified to determine how authentication will be performed as part of the 802.1x EAP type used by the network.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise"

Parm Name: Authentication

Option Name Description Requires
1 EAP-TLS This indicates that the network requires authentication using the 802.1x Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) standard (RFC 5216). EAP-TLS requires a device identity to be specified and requires that a client certificate be specified to prove the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

13 EAP-FAST-GTC This indicates that the network requires authentication using a token generated using a Generic Token Card (GTC) within an anonymous TLS tunnel established using the 802.1x Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) standard (RFC 5422). EAP-FAST-GTC requires a device identity to be specified and requires that a token value (typically obtained from a physical token device) be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

11 WPA/WPA2 This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within an anonymous TLS tunnel established using the 802.1x Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) standard (RFC 5422). EAP-FAST-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

8 EAP-TTLS-PAP This indicates that the network requires authentication using the Password Authentication Protocol (PAP) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-PAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

6 EAP-TTLS-MSCHAP This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol (MSCHAP) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-MSCHAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

7 EAP-TTLS-MSCHAPV2 This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

4 LEAP This indicates that the network requires authentication using the Lightweight Extensible Authentication Protocol (LEAP) defined by Cisco. LEAP uses a modified version of MSCHAP without a secure tunnel and hence can be easily compromised. LEAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. Unlike standard EAP modes, LEAP does not support an optional certificate to help verify the identity of the authentication server.

MX: 4.2+

2 PEAP-MSCHAPV2 This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within a secure TLS tunnel established using the Protected Extensible Authentication Protocol, (PEAP) defined by Cisco Systems, Microsoft, and RSA Security. PEAP-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

10 PEAP-GTC This indicates that the network requires authentication using a token generated using a Generic Token Card (GTC) within a secure TLS tunnel established using the Protected Extensible Authentication Protocol, (PEAP) defined by Cisco Systems, Microsoft, and RSA Security. PEAP-GTC requires a device identity to be specified and requires that a token value (typically obtained from a physical token device) be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

14 PEAP-NONE

MX: 5.0+

Identity

Identity is used only when Authentication is used, which also means that this is only used when the Security Mode is "Enterprise".

This parm is used by the device to specify to the Authentication Server the Identity that it wishes to authenticate as. The Identity is synonymous with "user name" in many cases. However, different Authentication Servers can be configured to require different types of Identity, such as email addresses, device unique ID, etc.

The Identity is used as a way of getting accepted by the Authentication Server so that you can receive the encryption key that is needed to operate on the network. Once you are authenticated, the Identity does not have any further meaning and is not used to identify the device on the network.

Specifying an empty (length of zero) value (or the absence of this parm from the XML) will cause the Identity will not be set.

Shown if: The Network Action is "Add a New Network" and the Authentication is "PEAP-NONE"

Parm Name: Identity

Requires:

  • MX: 4.2+

Anonymous Identity

Used to specify an Anonymous Identity for systems that support separate authentication outside of a secure tunnel.

When using an EAP type that has a secure tunnel over which authentication credentials can be delivered, it is sometimes necessary to specify an Identity outside the protections of the tunnel. In these cases, an Anonymous Identity can be sent so as not to disclose the actual Identity, password or other verifying credentials. A separate Anonymous Identity can be used only if the Authentication Server is set up to support it.

If no Anonymous Identity is specified, then the actual Identity will be sent outside the tunnel, if required. This may still be secure since the password and/or other verifying credentials are always sent inside the tunnel (in modes that use a tunnel for secure credential delivery). Using the actual Identity outside the tunnel would therefore risk disclosure of only part of the information needed to authenticate.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Note: Specifying an empty (length of zero) value (or the absence of this parm from the XML) will prevent the Anonymous Identity from being set.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: AnonymousIdentity

Requires:

  • MX: 4.2+

Protect Password

Controls whether the Password will be stored as encrypted or clear text. Since the Password must be embedded within the XML, it is often desirable to encrypt the Password to prevent its extraction and exploitation in case the XML is intercepted.

A Password is used when the Security Mode is set to "Enterprise." All authentication types require a Password except EAP-TLS, which uses a client certificate instead. The Identity and Password combine to form an authentication credential that provides access to a network.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "PEAP-MSCHAPV2" or "LEAP" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: ProtectPassword

Requires:

  • MX: 4.2+

Password

Used to specify a Password to be used to connect to a network. This parameter name will change according to the value of ProtectPassword:

If ProtectPassword is false:

  • Parm name: PasswordClear
  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "PEAP-MSCHAPV2" or "LEAP" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE" and Protect Password is false

If Protect Password is true:

  • Parm name: PasswordEncrypted
  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "PEAP-MSCHAPV2" or "LEAP" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE" and Protect Password is true

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Note: The encryption process for this parameter value is currently undocumented, and the key required to encrypt is unpublished. Since there is currently no way to store an encrypted, server-supplied password within an XML file, MDM systems cannot use an encrypted password.

Parm Name: PasswordClear, PasswordEncrypted

Requires:

  • MX: 4.2+

Server Certificate Name

Optional parameter that allows the name of a certificate alias to be used to verify the server.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Notes:

  • When Security Mode is "Enterprise," the device will not need to authenticate to an Authentication Server using the defined Authentication type. This will involve sending potentially sensitive authentication credentials to the Authentication Server. Zebra does not recommended this unless the authenticity of the Authentication Server can be verified, for example, ensuring it is not attempting to carry out a "man in the middle" attack.

  • The device contacts and challenges the Authentication Server to assert and prove its Identity through the use of a server certificate. The device must be able to establish the validity of that certificate and must trust the chain of authority of the issuer of that certificate. This would all occur whether or not a Server Certificate Name is specified.

  • By default, a certificate asserted by an Authentication Server will be trusted if it can be verified to have been validly issued by any trusted certificate authority. If a Server Certificate Name is supplied, then the certificate asserted by an Authentication Server will be trusted only if it is verified to have been validly issued by that specific trusted certificate authority. This increases the security by preventing the use of certificates issued by authorities that are not trusted to issue certificates to authentication servers.

  • Specifying an empty (length of zero) value (or the absence of this parm from the XML) will cause the Optional Server Certificate to not be set.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "EAP-TLS" or "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-FAST-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: OptionalServerCertificate

Requires:

  • MX: 4.2+

Mandatory Client Certificate Name

The name of the certificate alias that should be used to join the network (Mandatory). When Authenticating using EAP-TLS, a client certificate is used instead of a Password. Consequently, when Authentication is EAP-TLS, a client certificate must be specified and a Password must not be specified.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "EAP-TLS"

Parm Name: MandatoryClientCertificate

Requires:

  • MX: 4.2+

Optional Client Certificate Name

Optional parameter that allows the name of a client certificate alias to be used to join a network. When Authenticating with EAP types other than EAP-TLS (which would not require a client certificate) a client is still allowed. If used, the client certificate will be used to authenticate the device to the authentication server as part of the establishment of the secure tunnel over which further authentication credentials will be delivered. This means that the client certificate does not need to be unique, even if the authentication credentials are. The use of a client certificate can introduce an additional level of protection by requiring a device to possess a valid client certificate as well as valid authentication credentials. The client certificate serves as a first-pass filter.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Note: Specifying an empty (length of zero) value (or the absence of this parm from the XML) will prevent an Optional Server Certificate from being set.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" the Authentication is "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: OptionalClientCertificate

Requires:

  • MX: 4.2+

WPA Encryption Type

Type of encryption used by the network. The values that can be selected for Encryption Type will vary based on the selections made for Security Mode and WPA Mode. But a selection must always be made for Encryption Type whenever Security Mode is not "Open" (indicating no encryption).

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WPA

Parm Name: EncryptionWPA

Option Name Description Requires
0 Default This value (or the absence of this parm from the XML) will not make any change to the encryption type that is currently used on the device.

MX: 4.2+

1 TKIP This indicates that the network requires encryption to be performed using the Temporal Key Integrity Protocol (TKIP) standard with a per-packet key length of 128 bits.

MX: 4.2+

WPA2 Encryption Type

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WPA2 or WPA/WPA2

Parm Name: EncryptionWPA2

Option Name Description Requires
0 Default This value (or the absence of this parm from the XML) will not make any change to the encryption type that is currently used on the device.

MX: 4.2+

1 AES-CCMP This indicates that the network requires encryption to be performed using the Advanced Encryption Standard - Counter mode Cipher block chaining Message authentication code Protocol (AES-CCMP) standard, wherein the AES block cipher is used with a per-packet key length of 128 bits.

MX: 4.2+

2 TKIP This indicates that the network requires encryption to be performed using the Temporal Key Integrity Protocol (TKIP) standard with a per-packet key length of 128 bits.

MX: 4.2+

3 AES-CCMP/TKIP This indicates that the network allows the use of either the AES-CCMP standard or the TKIP encryption standard and the proper encryption type to use can be automatically determined by negotiation with the Wi-Fi infrastructure.

MX: 4.2+

WEP Encryption Type

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WEP

Parm Name: EncryptionWEP

Option Name Description Requires
1 WEP-40 This indicates that the network requires encryption to be performed using the Wireless Equivalency Privacy (WEP) standard with a key size of 40 bits.

MX: 4.2+

2 WEP-104 This indicates that the network requires encryption to be performed using the Wireless Equivalency Privacy (WEP) standard with a key size of 104 bits.

MX: 4.2+

Key Type

Specify the type of encryption key to be used by the network. This key is only specified when the Security Mode is "Personal" since the "Open" Security Mode does not use encryption and the "Enterprise" Security Mode distributes keys automatically following Authentication.

An encryption key can be specified using one of two methods:

  • A hexadecimal value of the actual key
  • A passphrase that can be used to generate a key using a pre-defined algorithm

The method that is used usually depends on the configuration of the Wi-Fi infrastructure that implements the network. This is because the key to be used must be known to both the Wi-Fi infrastructure and the client. Therefore, both must use a common method to specify that key.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal"

Parm Name: KeyType

Option Name Description Requires
HexKey Hex Key This indicates that the actual key used by the network to perform encryption will be specified.

MX: 4.2+

Passphrase Passphrase This indicates that a passphrase will be specified from which the actual key used by the network to perform encryption can be derived.

MX: 4.2+

Protect Key

This enables encryption of the Key.

A Key, or the Passphrase used to generate a Key, is generally considered sensitive information since possession of the key for a network grants access to that network. Since the Key or Passphrase must be embedded within the XML, it is often desirable to encrypt the Key or Passphrase so it cannot be extracted and exploited if the XML is intercepted. The WPA Mode and the Key Type, which were previously specified, will determine what type of Key or Passphrase will need to be used. The value selected for the ProtectKey parm will deterime whether the Key or Passphrase will be specified in clear, unencrypted text or encrypted form.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal"

Parm Name: KeyType

Requires:

  • MX: 4.2+

Passphrase

Controls whether the Key will be encrypted. When the Key Type is Passphrase, then the specified Passphrase will be used to generate the Key. The required Passphrase will vary depending on the WPA Mode specified (WEP or WPA Passphrase).

Note: Currently, the parm value encryption process is not documented and the key that is needed to encrypt is not published. Therefore, an MDM cannot currently use encrypted Keys or Passphrases since there is no way to store an encrypted, server-supplied password in XML file.

If WEP is selected and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is "WEP" and Protect Key is false
  • Parm name: PassphraseWEPClear
  • Parm value input rules:
    • String with a minimum of 4 characters and a maximum of 32 characters

If WEP is selected and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is "WEP" and Protect Key is true
  • Parm name: PassphraseWEPEncrypted
  • Parm value input rules:
    • String with a minimum of 4 characters and a maximum of 32 characters
  • Currently, this parm cannot be used effectively by an MDM.

If WEP is not selected and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is not "WEP" and Protect Key is false
  • Parm name: PassphraseWPAClear
  • Parm value input rules:
    • String with a minimum of 8 characters and a maximum of 63 characters

If WEP is not selected and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is not "WEP" and Protect Key is true
  • Parm name: PassphraseWPAEncrypted
  • Parm value input rules:
    • String with a minimum of 8 characters and a maximum of 63 characters
  • Currently, this parm cannot be used effectively by an MDM.

Parm Name: PassphraseWEPClear, PassphraseWEPEncrypted, PassphraseWPAClear, PassphraseWPAEncrypted

Requires:

  • MX: 4.2+

Hex Key

When Key Type is Hex Key, then a Key, which is expressed as a sequence of hexadecimal characters, needs to be specified. The type of Key required will vary based on the WPA Mode and Encryption Type specified, since it will need to be either a WEP 40 bit Key, a WEP 104 bit Key, or a 256 bit TKIP/AES-CCMP Key.

Note: Currently, the parm value encryption process is not documented and the key that is needed to encrypt is not published. Therefore, an MDM cannot currently use encrypted Keys or Passphrases since there is no way to store an encrypted, server-supplied password in an XML.

If WEP is not selected and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is not "WEP" and Protect Key is false
  • Parm name: HexKeyClear
  • Description: Provide the hex key (64 hex chars) used by network
  • Parm value input rules:
    • String with exactly 64 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 256 bit binary key value that can be used for either TKIP or AES-CCMP encryption.

If WEP is not selected and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is not "WEP" and Protect Key is true
  • Parm name: HexKeyEncrypted
  • Description: Provide the hex key (64 hex chars) used by network
  • Parm value input rules:
    • String with exactly 64 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 256 bit binary key value that can be used for either TKIP or AES-CCMP encryption.
  • Currently, this parm cannot be used effectively by an MDM.

If WEP is selected, the encryption type is WEP-40, and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-40" and Protect Key is false
  • Parm name: HexKeyWep40Clear
  • Description: Provide the shared secret WEP-40 key (10 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 10 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 40 bit binary key value that can be used for either WEP encryption.

If WEP is selected, the encryption type is WEP-40, and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-40" and Protect Key is true
  • Parm name: HexKeyWep40Encrypted
  • Description: Provide the shared secret WEP-40 key (10 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 10 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 40 bit binary key value that can be used for either WEP encryption.
  • Currently, this parm cannot be used effectively by an MDM.

If WEP is selected, the encryption type is WEP-104, and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-104" and Protect Key is false
  • Parm name: HexKeyWep104Clear
  • Description: Provide the shared secret WEP-104 key (26 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 26 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 104 bit binary key value that can be used for either WEP encryption.

If WEP is selected, the encryption type is WEP-104, and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-104" and Protect Key is true
  • Parm name: HexKeyWep104Encrypted
  • Description: Provide the shared secret WEP-104 key (26 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 26 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 104 bit binary key value that can be used for either WEP encryption.
  • Currently, this parm cannot be used effectively by an MDM.

Parm Name: HexKeyWEPClear, HexKeyWEPEncrypted, HexKeyWPAClear, HexKeyWPAEncrypted

Requires:

  • MX: 4.2+

WEP Key Index

Some Wi-Fi infrastructure that implements a network using WEP encryption may support multiple WEP keys and a WEP index to indicate which key to use at any given time.

Note: Android does not currently support multiple WEP keys per network. Therefore, only the first WEP key (wep[0]) is supported.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the WPA Mode is "WEP"

Parm Name: WepKeyIndex

Option Name Description Requires
1 wep[0]

MX: +

2 wep[1]

MX: +

3 wep[2]

MX: +

4 wep[3]

MX: +

Use DHCP

When this parm is selected, DHCP will be used. When not selected, Static IP address is used.

Most modern networks use DHCP to automatically assign IP Addresses to devices when they join the network. If DHCP is used, then all requisite IP Address information will be obtained automatically and no additional information will need to be provided.

If DHCP cannot be used for a particular network, then all IP Address information that is needed to operate on that network will need to be specified. None of the following IP Address information parms can be left blank, but they may not all require meaningful values, depending on the network.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the WPA Mode is "WEP"

Parm Name: UseDHCP

Requires:

  • MX: 4.2+

Static IP Address

Provide the static IP address to be assigned to the device on this network.

When not using DHCP, a valid IP Address for the device to use on the network must be specified and that IP Address must not be assigned to any other device on the same network.

Parm value input rules:

  • Must be a valid IPV4 address, example: 191.168.0.1

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpAddress

Requires:

  • MX: 4.2+

Gateway 1 IP Address

Provide the IP address of the first gateway to the network.

When not using DHCP, a valid Gateway IP Address may or may not be required. If there is a Gateway that can route traffic out of the current network, then the IP Address of that Gateway should be specified if the device will need to send traffic outside that network. If the network is essentially self-contained, then it may not be important what value is specified for this parm.

Parm value input rules:

  • Must be a valid IPV4 address, example: 191.168.0.1

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpGateway1

Requires:

  • MX: 4.2+

Subnet Mask

Provide the subnet mask to be used on the network.

When not using DHCP, a subnet mask must be specified that is consistent with the network and is consistent with the IP Address assigned to the device for use on that network.

Parm value input rules:

  • Must be a valid IPV4 subnet mask, example: 255.255.255.0

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpMask

Requires:

  • MX: 4.2+

DNS Server 1 IP Address

Provide the IP address of the DNS server.

When not using DHCP, a valid DNS Server IP Address may or may not be required. If there is a DNS Server that can resolve network names to IP Addresses on the current network, then the IP Address of that server should be specified if the device will need to resolve names for that network. If name resolution is not required, then it may not be important what value is specified for this parm.

Parm value input rules IpDns1:

  • Must be a valid IPV4 address, example: 191.168.0.1

Parm value input rules IpDns2:

  • Must be a valid IPV4 address, example: 191.168.0.1
  • If no alternate DNS Server is available or required, then it may not be important what value is specified for this parm.
  • Specifying an empty (length of zero) value (or the absence of this parm from the XML) will cause the DNS Server 2 IP Address to not be set.

Shown if: The Network Action is "Add a New Network" and the "Use DHCP" box is not checked

Parm Name: IpDns1, IpDns2

Requires:

  • MX: 4.2+

Use Proxy

When selected, a Proxy is used for network connections. You can either manually configure the proxy settings or select the location of a PAC file for automatic configuration. A proxy is a an intermediary service that routes HTTP requests and responses between clients on a device and another network (typically the internet or an intranet). When there is a proxy between the Wi-Fi network and some outer network, then HTTP-based applications, such as a Web Browser, may need to negotiate with that proxy to access the services of that outer network.

Note: In MX 5.0, the parm data type changed from a Boolean to a value selected from the UseProxy list. Please check the list above.

Parm Name: UseProxy

Option Name Description Requires
0 None Since MX 5.0 the use of a code over a boolean value was implemented. This value was unaffected.

MX: 5.0+

1 Manual Since MX 5.0 the use of a code over a boolean was implemented. This value indicates a Manual Proxy.

MX: 5.0+

3 Proxy Auto-Config Automatically use a proxy. This value was instroduced in MX 5.0.

MX: 5.0+

Proxy Host Name

Provide the Host Name or IP Address of the computer on which the proxy is running. Host Name can be used only if the network provides suitable name resolution. Otherwise, an IP Address would need to be provided.

Since different Wi-Fi networks may have different proxies connecting them to different outer networks, proxy information, if needed, must be configured for each network.

Parm value input rules:

  • String with a minimum of 1 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: ProxyHostName

Requires:

  • MX: 4.2+

Proxy Port

Provide the port number of the proxy server on the computer on which the proxy is running on which the proxy is listening.

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: ProxyPort

Requires:

  • MX: 4.2+

Proxy Bypass

Once a proxy is configured for a given network, all HTTP traffic will generally be routed to the outer network via that proxy.

In some cases, it may be desirable to avoid routing selected Host Names or IP Addresses through the proxy. For example, you might want to access a local Web Server. This can be accomplished by listing the Host Names or IP Addresses for which the Proxy should be bypassed. To specify multiple Host Names or IP Addresses, separate them with commas.

Parm value input rules:

  • String with a maximum of 256 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: BypassProxy

Requires:

  • MX: 4.2+

PAC File Url

Provide the Host Name or IP Address of the location of where the proxy PAC file is located. This can be used only if the network provides suitable name resolution. Otherwise, an IP Address would need to be provided.

Since different Wi-Fi networks may have different proxies connecting them to different outer networks, proxy information, if needed, must be configured for each network.

Parm value input rules:

  • String with a minimum of 1 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to Proxy Auto-Config.

Parm Name: PROXYPAC

Requires:

  • MX: 5.0+

Advanced Options

Use of Wi-Fi Advanced Options requires the following:

  • PMKID must be turned on to enable PreAuth (PreAuth =1 and PMKID =1)
  • FT must be turned on to enable FTRIC (FT=1 and FTRIC =1)
  • OKC must be turned off (OKC =0 and PMKID =1) to use PMKID caching

WARNING: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Auto Time Config

Used to enable/disable AutoTimeConfig feature, a Zebra-specific feature that updates the device timestamp based on Zebra IE in the 802.11 beacon. Not supported on TC70 QC GA1/GA2 running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: AutoTimeConfig

Requires:

  • MX: 4.2+

HFSR

Used to enable/disable Hyper Fast Secure Roam (HFSR), Zebra's fast roam algorithm. Not supported on TC70 QC GA1/GA2, TC75 GA and TC55 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: HFSR

Requires:

  • MX: 4.2+

Aggregated Fast Transition

Controls the Fast Transition roam algorithm (802.11r), which improves on IEEE 802.11r Over-the-DS fast roaming. When used in conjunction with Zebra wireless LAN infrastructure, the device will achieve more reliable and consistent fast roaming. Enabled by default.

Not supported on TC70 QC GA1 devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FT

Requires:

  • MX: 4.2+

CKM

Used to enable/disable the CCX roam algorithm (CCKM).

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: CCKM

Requires:

  • MX: 4.2+

FTRIC

Used to enables/disable the Fast Transition Resource Request (802.11r). Not supported on TC70 QC GA1/GA2, TC75 GA or TC55 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FTRIC

Requires:

  • MX: 4.2+

OKC

Used to enable/disable Opportunistic Key Caching (OKC).

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: OKC

Requires:

  • MX: 4.2+

PMKID

Used to enable/disable PMKID Caching. If PMKID is enabled, OKC must be disabled for PMKID caching to operate.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PMKID

Requires:

  • MX: 4.2+

Power Save Mode

Used to configure the WLAN radio Power Save Mode from the settings table below. The default "Fast Power Save" value must be used for the "Power Save" parameter; the "Do not change" value will result in failure.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PowerSave

Option Name Description Requires
0 Do not change

MX: 4.2+

1 Always Active

MX: 4.2+

2 Fast Power Save (Deprecated)

MX: 4.2+

3 Max Power Save (Deprecated)

MX: 4.2+

4 WMM-PS

MX: 4.4+

5 Null Data Power Save

MX: 4.4+

6 PS-POLL

MX: 4.4+

PreAuth

Used to enable/disable 802.1x Pre-Authentication. Not supported on TC70 QC GA1/GA2 or TC75 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PreAuth

Requires:

  • MX: 4.2+

WLAN Power Save Mode

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

This option is to configure different WLAN Power Save Modes of Radio.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: WLANPowerSave

Option Name Description Requires
0 WMM-PS

MX: 4.3+

1 Null Data Power Save

MX: 4.3+

2 PS-POLL

MX: 4.3+

3 Do not change

MX: 4.3+

Advanced Logging

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Start or Stop advanced Wi-Fi logging.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: AdvancedLogging

Requires:

  • MX: 4.2+

FIPS

Used to enable/disable FIPS data in motion supported in WLAN. WLAN FIPS 140-2, level 1 compliance. Not supported on TC70 QC GA1/GA2, TC75 GA or TC55 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FIPS

Requires:

  • MX: 4.2+

Enable Restricted Settings UI

Used to enable/disable read-only mode for Wi-Fi settings according to the values in the table below. Not supported on TC70 QC GA1/GA2 running Android KitKat.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: PowerSave

Option Name Description Requires
0 Do not change

MX: +

1 Disable Restricted WLAN Settings UI

MX: +

2 Enable Restricted WLAN Settings UI

MX: +

Radio Resource Management (802.11k)

Used to enable/disable Radio Resource Management, which measures transmit power, data rates and other wireless characteristics in an effort to optimize communication efficiency. Not supported on TC70 QC GA1/GA2 running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: 802.11K

Requires:

  • MX: 4.3+

Management Frame Protection Mode (802.11w)

Used to specify the Management Frame Protection Mode from the values in the table below. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: 802.11w

Option Name Description Requires
0 No MFP

MX: 4.3+

1 Capable

MX: 4.3+

2 Mandatory

MX: 4.3+

3 Do not change

MX: 4.3+

Select Band Preference

Used to specify the preferred Wi-Fi band. Not supported on MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: BandPreference

Option Name Description Requires
0 No Preference

MX: 4.3+

1 Prefer 2.4GHz

MX: 4.3+

2 Prefer 5.0GHz

MX: 4.3+

3 Do not change

MX: 4.3+

FT Over The DS

Used to enable/disable Fast Transition over the Distribution System (FTOverTheDS). Enabled by default. Also known as 802.11r Over-the-DS, this fast roam standard reduces the number frames exchanged when the device roams from one AP to another if the infrastructure supports it. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: FTOverTheDS

Requires:

  • MX: 4.3+

ScanAssist

Used to enable/disable ScanAssist. This feature improves roaming on Zebra devices by allowing the device to monitor neighboring access points to retrieve roam-related information from the Zebra wireless LAN infrastructure without doing scans. Enabled by default.

Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: ScanAssist

Requires:

  • MX: 4.3+

AggregatedFT

Used to enable/disable the AggregatedFT feature. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: AggregatedFT

Requires:

  • MX: 4.3+

Coverage Hole Detection

Used to enable/disable Coverage Hole Detection, which reports gaps in signal coverage to the Zebra wireless LAN infrastructure. Enabled by default. Network administrators can detect and mitigate coverage gaps present in the network for greater reliability. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: CHD

Requires:

  • MX: 4.3+

Subnet Roam

Specify whether to enable subnet roaming. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: SubNetRoam

Requires:

  • MX: 4.4+

WAN Country

Used to enable/disable WAN Country, which obtains country information from the WAN Interface (GSM/CDMA base station) and applies regulatory rules based on the Country Code received. Supported only on WAN based devices. Not supported on TC70 QC GA1/GA2 running Android KitKat, or MPA3 RevB- or RevC-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable results.

Shown if: The "Specify Advanced Options" box is enabled.

Parm Name: WANCountry

Requires:

  • MX: 4.3+

Examples

Managing Certificates Related to Wi-Fi Networks

Initialize the Android KeyStore

Note: This must be done for a new device before you can install certificates.

Without a password:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="4"/>
    </characteristic>
</wap-provisioningdoc>


With a password:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="4"/>
        <characteristic type="keystore-details">
            <parm name="KeystorePassword" value="password"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Remove a Certificate:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="2"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName1"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a CA certificate (.PEM file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="5"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileCA" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate (.PEM file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="6"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate and private key (.PFX file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="8"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate and private key (.P12 file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="9"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate and private key (.PKCS12 file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="9"/>
            <parm name="CertMethod" value="10"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Country Selection

Selecting a Country:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="1"/>
        <characteristic type="Regulatory">
            <parm name="Country" value="US"/>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Using the Auto Option:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="1"/>
        <characteristic type="Regulatory">
            <parm name="Country" value="AUTO"/>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Band Selection

Set 2.4 GHz:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="2.4GHz"/>
            <characteristic type="ChannelSelection">
                <parm name="2.4GHzChannels" value="1"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Set 5.0 GHz:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="5.0GHz"/>
            <characteristic type="ChannelSelection">
                <parm name="5.0GHzChannels" value="36"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Set Auto (both 2.4 and 5.0 GHz):


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="Auto"/>
            <characteristic type="ChannelSelection">
                <parm name="2.4GHzChannels" value="1"/>
                <parm name="5.0GHzChannels" value="36"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Add Wi-Fi Network

Adding an Open Network:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="0"/>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="1"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA and TKIP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="1"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWPA" value="1"/>
                </characteristic>
            </characteristic>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="2"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA/WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="3"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WEP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="4"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWEP" value="1"/>
                </characteristic>
            </characteristic>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWEPClear" value="KsdU6X3u"/>
                <parm name="WepKeyIndex" value="1"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WPA:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="1"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="2"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WPA/WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="3"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WEP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="4"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWEP" value="1"/>
                </characteristic>
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>