Wifi Manager

EMDK For Xamarin - 2.5

Overview

Wi-Fi Manager (Wi-Fi) administers the wireless LAN settings and network profiles for a device, including the settings required for connecting to networks. The Wi-Fi CSP also controls OmniTrail, a set of services available in some Zebra devices that enable highly accurate, secure and power-efficient device locationing. OmniTrail can locate a device to within about 5 feet (1.5 meters). See below for OmniTrail requirements.

OmniTrail Requirements

  • OmniTrail is supported only on the following devices:
    • MC18
    • MC40
    • TC51
    • TC56
    • TC70x
    • TC75x
  • Device must be running Android 5.0 Lollipop or later
  • Device must contain MX 6.3 or higher

Main Functionality

  • Enable/Disable:
    • All Wi-Fi communication on the device
    • An existing Wi-Fi network
    • Advanced Logging
    • AggregatedFT
    • Auto RF Band selection
    • Cisco Centralized Key Management (CCKM)
    • Coverage Hole Detection
    • Fast Transition (FT)
    • Fast Transition Resource Request (FTRIC)
    • FIPS Compliance
    • FTOverTheDS
    • Fusion Advanced Logging
    • Hotspot mode (ET50, ET55 with Lollipop only)
    • Hyper Fast Secure Roam (HF SR)
    • Management Frame Protection Mode (802.?11w)
    • OKC (Opportunistic Key Caching)
    • OmniTrail Device-Location Services and Options
    • Password Protect Encryption
    • PMKID Caching
    • PreAuth
    • Radio Resource Measurement (802.?11K)
    • Restricted WLAN Settings UI
    • ScanAssist
    • Setting the Clock from an Access Point (AP)
    • Sub-Net Roam
    • WANCountry
  • Set Hotspot (ET50, ET55 with Lollipop only):
    • AP Channel, Band, SSID and Options
    • Security Modes, Passphrase and Passphrase Encryption
  • Set Wi-Fi to Sleep: Never, Always or Always When Plugged In
  • Use/Do Not Use Network Notifications
  • Select Country automatically or manually
  • Set the RF Band
  • Set Power Savings Mode to: Always Active, WMM-PS, Null Data or PS-POLL
  • Set the band preference
  • Connect to/Disconnect from a Wi-Fi network
  • Disable all existing Wi-Fi networks
  • Remove all existing Wi-Fi networks
  • Encrypt Passwords in transit
  • Encrypt Passwords stored on the device

Target OS

Used to specify the operating system of the target device.

Parm Name: TargetOS

Option Name Description Requires
2 Android Specifies Android as the operating system of the target device.

MX: 4.2+

Wi-Fi Enable/Disable

This is the On-Off switch for the Wi-Fi radio. Note: Wi-Fi must be enabled to change certain other Wi-Fi settings, including those controlled by the Network Actions parameter described later in this document. Attempting to change such settings while the Wi-Fi radio is disabled will return an error in the Result XML. Zebra recommends beginning any profile created to change Wi-Fi settings with a command to Enable the Wi-Fi radio.

Caution: Some Wi-Fi parameters vary from conventions used by other CSPs:

  • The "Enable" and "Disable" settings in the Wi-Fi CSP control whether a user or administrator can "turn on" and "turn off" a feature or capability, or to set its state as "active" or "inactive." Such terms in other CSPs refer to the feature's "Usage" setting, which can prevent access to the feature entirely.
  • The value "0" is used in Wi-Fi parameters to "Disable" a feature, select its default setting or "make no change" or "do nothing" to a setting. In most other CSPs, the "0" value is used to select the "make no change" option.

Parm Name: WiFiAction

Option Name Description Requires
0 Do not change This value (or the absence of this parm from the XML) causes no change to Wi-Fi settings; any previously selected setting will be retained.

MX: 4.2+

1 Enable Turns the Wi-Fi radio On.

MX: 4.2+

2 Disable Turns the Wi-Fi radio Off.

MX: 4.2+

Sleep Policy

Specifies the state of the Wi-Fi radio when the device enters sleep mode. When Wi-Fi remains enabled during sleep, existing Wi-Fi connections will be maintained as during normal operations. While preferrable for some situations, this mode can significantly reduce battery life.

Android devices by default enter suspend mode after being idle for a specified period of time. While in this mode, software continues to run, but in a lower-power state.

Parm Name: WifiSleepPolicy

Option Name Description Requires
4 Do not change This (null) value (or the absence of this parm from the XML) causes no change to the current sleep policy on the device; any previously selected setting will be retained.

MX: 4.2+

0 AlwaysOn Causes the Wi-Fi radio to remain enabled when the device goes to sleep, allowing continued access to Wi-Fi for running apps.

MX: 4.2+

1 PluggedIn Causes the Wi-Fi radio to remain enabled whenever the device is plugged in and not running on battery power regardless of sleep state, allowing continued access to Wi-Fi for running apps.

MX: 4.2+

2 NeverOn Causes the Wi-Fi radio to be disabled off when the device enters sleep mode, dropping any existing Wi-Fi connections.

MX: 4.2+

Country Selection Auto/Manual

Permits the country-selection preference for network usage and Wi-Fi regulatory setting by the device to be specified. Check the box to select the country manually from the drop-down menu; leave the box unchecked to allow the network router or Wi-Fi access point to select the country using the 802.11d protocol.

Parm Name: UseRegulatory

Option Name Description Requires
11 UseRegulatory Permits manual country selection.

MX: 4.2+

12 Country Allows the country to be determined by the router.

MX: 4.2+

Country

Permits selection of country-specific Wi-Fi regulatory settings. Choosing "AUTO" enables 802.11d selection, which configures the device to listen for a country-specific beacon. Using the AUTO setting, the device will not transmit unless it can successfully detect the country and use a frequency that is consistent with the country's Wi-Fi infrastructure. This setting is the least likely to violate country-specific regulations. Countries that do not support the 802.11d infrastructure must be selected manually.

Shown if: The "Configure Country (Auto/Manual)" box is unchecked

Parm Name: Country

Option Name Description Requires
AUTO AUTO (Use 802.11d)

MX: 4.2+

DZ Algeria

MX: 4.2+

AI Anguilla

MX: 4.2+

AR Argentina

MX: 4.2+

AU Australia

MX: 4.2+

AT Austria

MX: 4.2+

BS Bahamas

MX: 4.2+

BH Bahrain

MX: 4.2+

BB Barbados

MX: 4.2+

BY Belarus

MX: 4.2+

BE Belgium

MX: 4.2+

BM Bermuda

MX: 4.2+

BO Bolivia

MX: 4.2+

BQ Bonaire

MX: 4.2+

BA Bosnia and Herzegovina

MX: 4.2+

BR Brazil

MX: 4.2+

BG Bulgaria

MX: 4.2+

CA Canada

MX: 4.2+

KY Cayman Islands

MX: 4.2+

CL Chile

MX: 4.2+

CN China

MX: 4.2+

CX Christmas Island

MX: 4.2+

CO Columbia

MX: 4.2+

CR Costa Rica

MX: 4.2+

HR Croatia

MX: 4.2+

CW Curacao

MX: 4.2+

CY Cyprus

MX: 4.2+

CZ Czech Republic

MX: 4.2+

DK Denmark

MX: 4.2+

DO Dominican Republic

MX: 4.2+

EC Ecuador

MX: 4.2+

EG Egypt

MX: 4.2+

SV El Salvador

MX: 4.2+

EE Estonia

MX: 4.2+

FK Falkland Islands(Malvinas)

MX: 4.2+

FI Finland

MX: 4.2+

FR France

MX: 4.2+

GF French Guiana

MX: 4.2+

DE Germany

MX: 4.2+

GR Greece

MX: 4.2+

GP Guadelope

MX: 4.2+

GU Guam

MX: 4.2+

GT Guatemala

MX: 4.2+

GY Guyana

MX: 4.2+

HT Haiti

MX: 4.2+

HN Honduras

MX: 4.2+

HK Hong Kong

MX: 4.2+

HU Hungary

MX: 4.2+

IS Iceland

MX: 4.2+

IN India

MX: 4.2+

ID Indonesia

MX: 4.2+

IE Ireland

MX: 4.2+

IL Israel

MX: 4.2+

IT Italy

MX: 4.2+

JM Jamaica

MX: 4.2+

JP Japan

MX: 4.2+

JO Jordan

MX: 4.2+

KZ Kazakhstan

MX: 4.2+

KE Kenya

MX: 4.2+

KR Korea Republic

MX: 4.2+

KW Kuwait

MX: 4.2+

LV Latvia

MX: 4.2+

LB Lebanon

MX: 4.2+

LI Liechtenstein

MX: 4.2+

LT Lithuania

MX: 4.2+

LU Luxembourg

MX: 4.2+

MK Macedonia, Former Yugoslav Republic

MX: 4.2+

MY Malaysia

MX: 4.2+

MT Malta

MX: 4.2+

MQ Martinique

MX: 4.2+

MX Mexico

MX: 4.2+

ME Montenegro

MX: 4.2+

MA Morocco

MX: 4.2+

AN Netherlands, Antilles

MX: 4.2+

NL Netherlands

MX: 4.2+

NZ New Zealand

MX: 4.2+

NI Nicaragua

MX: 4.2+

NG Nigeria

MX: 4.2+

NU Niue

MX: 4.2+

NF Norfolk Islands

MX: 4.2+

MP Northern Marina Islands

MX: 4.2+

NO Norway

MX: 4.2+

OM Oman

MX: 4.2+

PK Pakistan

MX: 4.2+

PA Panama

MX: 4.2+

PY Paraguay

MX: 4.2+

PE Peru

MX: 4.2+

PH Philippines

MX: 4.2+

PL Poland

MX: 4.2+

PT Portugal

MX: 4.2+

PR Puerto Rico

MX: 4.2+

QA Qatar

MX: 4.2+

RO Romania

MX: 4.2+

RU Russian Federation

MX: 4.2+

SX St. Maarten

MX: 4.2+

SA Saudi Arabia

MX: 4.2+

RS Serbia

MX: 4.2+

SG Singapore

MX: 4.2+

SK Slovakia

MX: 4.2+

SI Slovenia

MX: 4.2+

ZA South Africa

MX: 4.2+

ES Spain

MX: 4.2+

LK Sri Lanka

MX: 4.2+

SE Sweden

MX: 4.2+

CH Switzerland

MX: 4.2+

TW Taiwan, Province of China

MX: 4.2+

TH Thailand

MX: 4.2+

TT Trinidad and Tobago

MX: 4.2+

TN Tunisia

MX: 4.2+

TR Turkey

MX: 4.2+

UA Ukraine

MX: 4.2+

AE United Arab Emirates

MX: 4.2+

GB United Kingdom

MX: 4.2+

US U.S.A.

MX: 4.2+

UY Uruguay

MX: 4.2+

VE Venezuela

MX: 4.2+

VN Vietnam

MX: 4.2+

VG Virgin Islands(British)

MX: 4.2+

VI Virgin Islands(US)

MX: 4.2+

RF Band Selection

Used to specify which RF band(s) the device will use for 802.11 communications. This parameter is usually set automatically through negotiation with the Wi-Fi infrastructure. However, it might sometimes be desirable to limit Wi-Fi communications to certain bands, leaving other bands free for other purposes.

Parm Name: BandSelection

Option Name Description Requires
0 Unchanged This value (or the absence of this parm from the XML) causes no change to the band(s) currently selected on the device; any previously selected setting will be retained.

MX: 4.2+

1 2.4GHz Selects the 2.4GHz band for Wi-Fi communications.

MX: 4.2+

2 5.0GHZ Selects the 5.0GHz band for Wi-Fi communications.

MX: 4.2+

3 Auto Enables 2.4GHz and 5.0GHz bands to operate on the device and allows the connection to selected automatically.

MX: 4.2+

Network Notification

Controls whether to present user notifications when unknown, open networks such as those offered by public Wi-Fi come into range of the device. If enabled, the user will be presented with the opportunity to connect with such networks. This might be desireable for personal or dual-use devices, but could introduce vulnerabilities when connecting to non-secure or otherwise unknown networks. Zebra recommends disabling Network Notification on devices intended for use only on corporate Wi-Fi networks.

Parm Name: NetworkNotification

Option Name Description Requires
2 Do not change This value (or the absence of this parm from the XML) will cause no change to the current network notification setting; any previously selected setting will be retained.

MX: 4.2+

1 true Enables user notifications to be displayed when unknown, open network(s) come into range.

MX: 4.2+

0 false Disables user notifications when unknown, open networks come into range.

MX: 4.2+

Set 2.4GHz Channels

Used to designate channels in the 2.4GHz band for use by the device. While channels used in this band are generally determined automatically through negotiation with the Wi-Fi infrastructure, channels or sets of channels also can be specified manually to avoid interference with other devices or to dedicate certain channels for specific purposes. Warning: Not all channels are available in all countries. See the List of WLAN Channels for more information.

Parm value input rules:

  • String from 0-64 characters containing a set of valid channels
  • Multiple values must be separated by commas (i.e. "1,6,11,14")
  • Also accepts ranges when specified with a hyphen (-) (i.e. "1,7-10")

Shown if: The selected RF Band is "2.4GHz" or "Auto"

Parm Name: 2.4GHzChannels

Requires:

  • MX: 4.2+

Set 5.0GHz Channels

Used to designate channels in the 5GHz band for use by the device. While channels used in this band are generally determined automatically through negotiation with the Wi-Fi infrastructure, channels or sets of channels also can be specified manually to avoid interference with other devices or to dedicate certain channels for specific purposes. Warning: Not all channels are available in all countries. See the List of WLAN Channels for more information.

Parm value input rules:

  • String from 0-64 characters containing a set of valid channels
  • Multiple values must be separated by commas (i.e. "7,11,12,16...")
  • Also accepts ranges when specified with a hyphen (-) (i.e. "36-60")

Shown if: The selected RF Band is "5.0GHz" or "Auto"

Parm Name: 5.0GHzChannels

Requires:

  • MX: 4.2+

Use Diagnostic Options (checkbox)

Controls whether Diagnostic Options will be used on the device. Generally used only at the direction of Zebra support staff; impacts device performance and behavior. Used to collect additional information for troubleshooting. When checked, Fusion Advanced Logging can also be enabled.

Parm Name: UseDiagnosticOptions

Option Name Description Requires
1 (checked) Allows device diagnostics options to be selected.

MX: 4.4+

0 (unchecked) Prevents diagnostics options from being displayed for selection.

MX: 4.4+

Fusion Advanced Logging (checkbox)

Controls whether Fusion Advanced Logging will be used on the device. Available only when Advanced Wi-Fi Options are enabled.

This option is generally used only at the direction of Zebra support staff.

Shown if: The "Use Diagnostic Options" box is checked

Parm Name: FusionAdvancedLogging

Option Name Description Requires
1 (checked) Enables logging on the device.

MX: 4.4+

0 (unchecked) Disables logging on the device.

MX: 4.4+

Network Action

Used to manage the Wi-Fi network profiles on the device, each of which contains the settings necessary to connect to an individual Wi-Fi network. Any number of profiles can be defined and stored on the device using the parameters relevant to "Add a New Network" below. Profiles can be used to control the networks to which a device will be allowed to connect or to force connections to a particular network.

Parm Name: NetworkAction

Option Name Description Requires
0 Do nothing This value (or the absence of this parm from the XML) will perform no Network Action.

MX: 4.2+

1 Add This value will add a new profile with the profile settings specified.

MX: 4.2+

2 Remove Remove an existing network profile based on the SSID specified.

MX: 4.2+

3 Connect Initiates a connection to an existing network based on the SSID specified.

MX: 4.2+

4 Disconnect Disconnects from a network based on the SSID specified.

MX: 4.2+

5 Enable Enables a network profile based on the SSID specified.

MX: 4.2+

6 Disable Disables a network profile based on the SSID specified.

MX: 4.2+

7 DisableAll Disables all network profiles on the device.

MX: 4.2+

8 RemoveAll Deletes all network profiles from the device.

MX: 4.2+

SSID

This is the SSID name of the network, which is the primary mechanism used to identify a Wi-Fi network and is used to identify the Wi-Fi network profile to be acted on. Therefore, any Network Action that is used to affect a single profile need to specify the SSID to select the desired profile.

Parm value input rules:

  • String with a minimum size of 1 character and a maximum size of 32 characters

Shown if: The Network Action is any option other than "Do Nothing", "Disable All Existing Networks", or "Remove All Existing Networks"

Parm Name: SSID

Requires:

  • MX: 4.2+

Security Mode

This indicates that the network uses 802.1x Extensible Authentication Protocol (EAP) security. These networks use authentication to establish the entitlement of a device to join the network and then distribute necessary keys once this entitlement has been verified. Security information pertaining to the EAP type and authentication credentials to be used will need to be supplied to configure these networks.

Shown if: The Network Action is "Add a New Network"

Parm Name: NetworkAction

Option Name Description Requires
0 Open An open network indicates that the network uses no security. These kinds of networks are generally not advised to be used for transmitting sensitive data unless other protection mechanisms are used, such as VPNs, data encryption, etc. No additional security information will need to be supplied to configure these networks.

MX: 4.2+

1 Personal This indicates that the network uses basic security. A Pre-Shared Key (PSK) or Wired Equivalency Privacy (WEP) key, which is known to both the device and the Wi-Fi infrastructure, is used to encrypt data. These networks are more secure than open networks, but may be compromised if the keys are not handled securely and/or are not changed periodically. Security information pertaining to the required key will need to be supplied to configure these networks.

MX: 4.2+

2 Enterprise This value will remove the a network profile based on the SSID

MX: 4.2+

WPA Mode

When the selected Security Mode is "Personal" or "Enterprise", the WPA Mode must be specified to determine what sort of key will then be used.

Note: WEP is not supported with a Enterprise Security Mode. It is only supported using Personal Security Mode.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise"

Parm Name: WPAMode

Option Name Description Requires
1 WPA This indicates that the network requires encryption using the Wi-Fi Protected Access (WPA) standard. WPA only performs encryption using the Temporal Key Integrity Protocol. A TKIP-compatible key will therefore need to be specified.

MX: 4.2+

2 WPA2 This indicates that the network requires encryption using the Wi-Fi Protected Access version 2 (WPA2) standard. WPA2 supports encryption using either the Temporal Key Integrity Protocol (TKIP) for backward compatibility with WPA, or the more secure Advanced Encryption Standard (AES) algorithm. A decision about whether to use TKIP or AES (or auto-select) will need to be made and then a TKIP or AES-compatible key will need to be specified.

MX: 4.2+

3 WPA/WPA2 This indicates that the network supports both the Wi-Fi Protected Access (WPA) standard and the Wi-Fi Protected Access version 2 (WPA2) standard. This is essentially the same effect as selecting WPA2 since WPA2 supports backward compatibility with WPA.

MX: 4.2+

4 WEP This indicates that the network requires encryption using the older, and less secure, Wired Equivalency Privacy (WEP) standard. A decision about the WEP key size to use will need to be made and then a WEP key of the selected size will need to be specified.

MX: 4.2+

Authentication

Used to specify the Authentication Mode used by the network. When a Security Mode of "Enterprise" is selected, an Authentication Mode must be specified to determine how authentication will be performed as part of the 802.1x EAP type used by the network.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise"

Parm Name: Authentication

Option Name Description Requires
1 EAP-TLS This indicates that the network requires authentication using the 802.1x Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) standard (RFC 5216). EAP-TLS requires a device identity to be specified and requires that a client certificate be specified to prove the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

13 EAP-FAST-GTC This indicates that the network requires authentication using a token generated using a Generic Token Card (GTC) within an anonymous TLS tunnel established using the 802.1x Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) standard (RFC 5422). EAP-FAST-GTC requires a device identity to be specified and requires that a token value (typically obtained from a physical token device) be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

11 WPA/WPA2 This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within an anonymous TLS tunnel established using the 802.1x Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) standard (RFC 5422). EAP-FAST-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

8 EAP-TTLS-PAP This indicates that the network requires authentication using the Password Authentication Protocol (PAP) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-PAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

6 EAP-TTLS-MSCHAP This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol (MSCHAP) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-MSCHAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

7 EAP-TTLS-MSCHAPV2 This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within a secure TLS tunnel established using the 802.1x Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS) standard (RFC 5281). EAP-TTLS-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

4 LEAP This indicates that the network requires authentication using the Lightweight Extensible Authentication Protocol (LEAP) defined by Cisco. LEAP uses a modified version of MSCHAP without a secure tunnel and hence can be easily compromised. LEAP requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. Unlike standard EAP modes, LEAP does not support an optional certificate to help verify the identity of the authentication server.

MX: 4.2+

2 PEAP-MSCHAPV2 This indicates that the network requires authentication using the Microsoft Challenge Authentication Protocol Version 2 (MSCHAPV2) within a secure TLS tunnel established using the Protected Extensible Authentication Protocol, (PEAP) defined by Cisco Systems, Microsoft, and RSA Security. PEAP-MSCHAPV2 requires a device identity to be specified and requires that a password be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

10 PEAP-GTC This indicates that the network requires authentication using a token generated using a Generic Token Card (GTC) within a secure TLS tunnel established using the Protected Extensible Authentication Protocol, (PEAP) defined by Cisco Systems, Microsoft, and RSA Security. PEAP-GTC requires a device identity to be specified and requires that a token value (typically obtained from a physical token device) be specified to prove the authenticity of that device identity. An optional client certificate may also be specified to verify the authenticity of the device identity. In all EAP modes, an optional certificate may be specified to help verify the identity of the authentication server.

MX: 4.2+

14 PEAP-NONE

MX: 5.0+

Identity

Used to specify the Identity, which can be a user name, email address, ID number or other unique identifier. The Identity combines with a Password to form an authentication credential for gaining access to a network. Authentication is required only when "Enterprise" is the selected Security Mode. Once a credential is accepted by the Authentication Server, the Identity is replaced by an encryption key and has no further significance.

Specifying an empty (length of zero) value (or the absence of this parm from the XML) will fail to set an Identity.

Shown if: The Network Action is "Add a New Network" and the Authentication is "PEAP-NONE"

Parm Name: Identity

Requires:

  • MX: 4.2+

Anonymous Identity

Used to specify an Anonymous Identity for systems that support separate authentication outside of a secure tunnel.

When using an EAP type that has a secure tunnel over which authentication credentials can be delivered, it is sometimes necessary to specify an Identity outside the protections of the tunnel. In these cases, an Anonymous Identity can be sent so as not to disclose the actual Identity, password or other verifying credentials. A separate Anonymous Identity can be used only if the Authentication Server is set up to support it.

If no Anonymous Identity is specified, then the actual Identity will be sent outside the tunnel, if required. This may still be secure since the password and/or other verifying credentials are always sent inside the tunnel (in modes that use a tunnel for secure credential delivery). Using the actual Identity outside the tunnel would therefore risk disclosure of only part of the information needed to authenticate.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Note: Specifying an empty (length of zero) value (or the absence of this parm from the XML) will fail to set an Anonymous Identity.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is NOT "EAP-TLS" or "LEAP"

Parm Name: AnonymousIdentity

Requires:

  • MX: 4.2+

Password

Used to specify a Password to be used to connect to a network. This parameter name will change according to the value of ProtectPassword:

If ProtectPassword is false:

  • Parm name: PasswordClear
  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is NOT "EAP-TLS"

If Protect Password is true:

  • Parm name: PasswordEncrypted
  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is NOT "EAP-TLS"

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Note: The encryption process for this parameter value is currently undocumented, and the key required to encrypt is unpublished. Since there is currently no way to store an encrypted, server-supplied password within an XML file, mobile device management (MDM) systems cannot use an encrypted password.

Parm Name: PasswordClear, PasswordEncrypted

Requires:

  • MX: 4.2+

Protect Password

Controls whether passwords will be stored as encrypted or clear text while in transit to the device. Passwords specified in Profile Manager are embedded within an XML file and sent to the device for consumption as part of a configuration. Encrypting a Password using this parameter might be desirable as a security measure to prevent extraction and exploitation in case the XML is intercepted while in transit.

Passwords are stored in clear text on the device unless specifically encrypted using the Protect Password Encryption parameter. Encrypted and clear-text Passwords are stored in a protected area on the device that is inaccessible to users and unauthorized applications.

The Password combines with an Identity to form an authentication credential for gaining access to a network. Authentication is required only when "Enterprise" is the selected Security Mode. All authentication types require a Password except EAP-TLS, which uses a client certificate.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is NOT "EAP-TLS"

Parm Name: ProtectPassword

Requires:

  • MX: 4.2+

Password Protect Encryption

Controls whether the Wi-Fi Password stored on the device is encrypted, thereby preventing access to the clear-text Password on the device by any application or malicious exploit.

Note: Enabling this feature prevents the Google Mobile Service (GMS) backup service from successfully restoring Wi-Fi settings to a device, and might effect the operation other device backup systems.

The Password combines with an Identity to form an authentication credential for gaining access to a network. Authentication is required only when "Enterprise" is the selected Security Mode. All authentication types require a Password except EAP-TLS, which uses a client certificate.

Parm Name: PasswordProtectEncryption

Option Name Description Requires
2 Do not change This value (or the absence of this parm from the XML) will cause no change to the current Password Protect Encryption setting; any previously selected setting will be retained.

MX: 6.1+

1 Enable Causes passwords stored on the device to be encrypted.

MX: 6.1+

0 Disable Disables encryption for passwords stored on the device.

MX: 6.1+

Server Certificate Name

Optional parameter that allows the name of a certificate alias to be used to verify the server.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Notes:

  • When Security Mode is "Enterprise," the device will not need to authenticate to an Authentication Server using the defined Authentication type. This will involve sending potentially sensitive authentication credentials to the Authentication Server. Zebra does not recommended this unless the authenticity of the Authentication Server can be verified, for example, ensuring it is not attempting to carry out a "man in the middle" attack.

  • The device contacts and challenges the Authentication Server to assert and prove its Identity through the use of a server certificate. The device must be able to establish the validity of that certificate and must trust the chain of authority of the issuer of that certificate. This would all occur whether or not a Server Certificate Name is specified.

  • By default, a certificate asserted by an Authentication Server will be trusted if it can be verified to have been issued by any trusted certificate authority. If a Server Certificate Name is supplied, the certificate asserted by an Authentication Server will be trusted only if it is verified to have been issued by that specific trusted certificate authority. This increases the security by preventing the use of certificates issued by authorities that are not trusted to issue certificates to authentication servers.

  • Specifying an empty (length of zero) value (or the absence of this parm from the XML) will fail to set the Optional Server Certificate.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "EAP-TLS" or "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-FAST-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: OptionalServerCertificate

Requires:

  • MX: 4.2+

Optional Client Certificate Name

Optional parameter that allows the name of a client certificate alias to be used to join a network. When Authenticating with EAP types other than EAP-TLS (which would not require a client certificate), a client is still allowed. In this case, the client certificate will be used to authenticate the device to the authentication server as part of the establishment of the secure tunnel over which further authentication credentials will be delivered. The client certificate does not need to be unique, even if the authentication credentials are. The use of a client certificate can introduce an additional level of protection by requiring a device to have a valid client certificate as well as valid authentication credentials. The client certificate serves as a first-pass filter.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Note: Specifying an empty (length of zero) value (or the absence of this parm from the XML) will fail to set an Optional Server Certificate.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" the Authentication is "PEAP-MSCHAPV2" or "EAP-TTLS-MSCHAP" or "EAP-TTLS-MSCHAPV2" or "EAP-TTLS-PAP" or "PEAP-GTC" or "EAP-FAST-MSCHAPV2" or "EAP-FAST-GTC" or "PEAP-NONE"

Parm Name: OptionalClientCertificate

Requires:

  • MX: 4.2+

Mandatory Client Certificate Name

Used to specify the name of the certificate alias to be used to join the network (Mandatory). When Authenticating using EAP-TLS, a client certificate is used instead of a Password. When the Authentication type is EAP-TLS, a client certificate must be specified and a Password will not be accepted.

Parm value input rules:

  • String with a minimum of 0 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Enterprise" and the Authentication is "EAP-TLS"

Parm Name: MandatoryClientCertificate

Requires:

  • MX: 4.2+

WPA2 Encryption Type

Used to specify the Wi-Fi Protected Access II (WPA2) encryption type to enforce on the network for Wi-Fi log-ins.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WPA2 or WPA/WPA2

Parm Name: EncryptionWPA2

Option Name Description Requires
0 Default This value (or the absence of this parm from the XML) will cause no change to the encryption type that is currently selected on the device; any previously selecting setting will be retained.

MX: 4.2+

1 AES-CCMP Selects use of the Advanced Encryption Standard - Counter mode Cipher block chaining Message authentication code Protocol (AES-CCMP) standard, wherein the AES block cipher is used with a per-packet key length of 128 bits.

MX: 4.2+

2 TKIP Selects use of the Temporal Key Integrity Protocol (TKIP) standard with a per-packet key length of 128 bits.

MX: 4.2+

3 AES-CCMP/TKIP Selects the use of either the AES-CCMP standard or the TKIP encryption standard and the proper encryption type to use can be automatically determined by negotiation with the Wi-Fi infrastructure.

MX: 4.2+

WPA Encryption Type

Used to specify the Wi-Fi Protected Access (WPA) encryption type to enforce on the network for Wi-Fi log-ins. The values that can be selected for Encryption Type will vary based on the selections made for Security Mode and WPA Mode. A selection must always be made for Encryption Type whenever Security Mode is not "Open" (no encryption).

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WPA

Parm Name: EncryptionWPA

Option Name Description Requires
0 Default This value (or the absence of this parm from the XML) cause no change to the encryption type that is currently selected on the device; any previously selected setting will be retained.

MX: 4.2+

1 TKIP Selects use of the Temporal Key Integrity Protocol (TKIP) standard with a per-packet key length of 128 bits.

MX: 4.2+

WEP Encryption Type

Used to specify the Wired Equialent Privacy (WEP) encryption type to enforce on the network for Wi-Fi log-ins.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" or "Enterprise" and the WPA Mode is WEP

Parm Name: EncryptionWEP

Option Name Description Requires
1 WEP-40 Selects use of the Wireless Equivalency Privacy (WEP) standard with a key size of 40 bits.

MX: 4.2+

2 WEP-104 Selects use of the Wireless Equivalency Privacy (WEP) standard with a key size of 104 bits.

MX: 4.2+

Key Type

Used to specify the type of encryption key to be used by the network. A key is specified only when the Security Mode is "Personal" since the "Open" Security Mode does not use encryption and the "Enterprise" Security Mode distributes keys automatically after Authentication.

An encryption key can be specified using either of these methods:

  • A hexadecimal value (the key itself)
  • A passphrase used to generate a key using a pre-defined algorithm

The selected method usually depends on the configuration of the Wi-Fi network because the key must be shared between the Wi-Fi infrastructure and the client. Therefore, they must use a common method to specify the key.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal"

Parm Name: KeyType

Option Name Description Requires
HexKey Hex Key The key used by the network to perform encryption will be specified.

MX: 4.2+

Passphrase Passphrase A passphrase derived from the specified key and used by the network to perform encryption.

MX: 4.2+

Protect Key

Enables encryption of the Key. The Key (or the Passphrase used to generate a Key) is generally considered sensitive information since having the Key for a network grants access to that network. Since the Key or Passphrase must be embedded within the XML, it is often desirable to encrypt the Key or Passphrase so it cannot be extracted and exploited if the XML is intercepted. The specified WPA Mode and the Key Type determine what type of Key or Passphrase must used. The value selected for the ProtectKey parameter deterimes whether the Key or Passphrase will be specified as clear or encrypted text.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal"

Parm Name: KeyType

Requires:

  • MX: 4.2+

Passphrase

Controls whether the Key will be encrypted. When the Key Type is Passphrase, then the specified Passphrase will be used to generate the Key. The required Passphrase will vary depending on the WPA Mode specified (WEP or WPA Passphrase).

Note: Currently, the parm value encryption process is not documented and the key that is needed to encrypt is not published. Therefore, an MDM cannot currently use encrypted Keys or Passphrases since there is no way to store an encrypted, server-supplied password in XML file.

If WEP is selected and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is "WEP" and Protect Key is false
  • Parm name: PassphraseWEPClear
  • Parm value input rules:
    • String with a minimum of 4 characters and a maximum of 32 characters

If WEP is selected and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is "WEP" and Protect Key is true
  • Parm name: PassphraseWEPEncrypted
  • Parm value input rules:
    • String with a minimum of 4 characters and a maximum of 32 characters
  • Currently, this parm cannot be used effectively by an MDM.

If WEP is not selected and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is not "WEP" and Protect Key is false
  • Parm name: PassphraseWPAClear
  • Parm value input rules:
    • String with a minimum of 8 characters and a maximum of 63 characters

If WEP is not selected and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Passphrase" and the WPA Mode is not "WEP" and Protect Key is true
  • Parm name: PassphraseWPAEncrypted
  • Parm value input rules:
    • String with a minimum of 8 characters and a maximum of 63 characters
  • Currently, this parm cannot be used effectively by an MDM.

Parm Name: PassphraseWEPClear, PassphraseWEPEncrypted, PassphraseWPAClear, PassphraseWPAEncrypted

Requires:

  • MX: 4.2+

Hex Key

When Key Type is Hex Key, then a Key, which is expressed as a sequence of hexadecimal characters, needs to be specified. The type of Key required will vary based on the WPA Mode and Encryption Type specified, since it will need to be either a WEP 40 bit Key, a WEP 104 bit Key, or a 256 bit TKIP/AES-CCMP Key.

Note: Currently, the parm value encryption process is not documented and the key that is needed to encrypt is not published. Therefore, an MDM cannot currently use encrypted Keys or Passphrases since there is no way to store an encrypted, server-supplied password in an XML.

If WEP is not selected and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is not "WEP" and Protect Key is false
  • Parm name: HexKeyClear
  • Description: Provide the hex key (64 hex chars) used by network
  • Parm value input rules:
    • String with exactly 64 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 256 bit binary key value that can be used for either TKIP or AES-CCMP encryption.

If WEP is not selected and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is not "WEP" and Protect Key is true
  • Parm name: HexKeyEncrypted
  • Description: Provide the hex key (64 hex chars) used by network
  • Parm value input rules:
    • String with exactly 64 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 256 bit binary key value that can be used for either TKIP or AES-CCMP encryption.
  • Currently, this parm cannot be used effectively by an MDM.

If WEP is selected, the encryption type is WEP-40, and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-40" and Protect Key is false
  • Parm name: HexKeyWep40Clear
  • Description: Provide the shared secret WEP-40 key (10 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 10 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 40 bit binary key value that can be used for either WEP encryption.

If WEP is selected, the encryption type is WEP-40, and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-40" and Protect Key is true
  • Parm name: HexKeyWep40Encrypted
  • Description: Provide the shared secret WEP-40 key (10 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 10 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 40 bit binary key value that can be used for either WEP encryption.
  • Currently, this parm cannot be used effectively by an MDM.

If WEP is selected, the encryption type is WEP-104, and Protect Key is false:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-104" and Protect Key is false
  • Parm name: HexKeyWep104Clear
  • Description: Provide the shared secret WEP-104 key (26 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 26 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 104 bit binary key value that can be used for either WEP encryption.

If WEP is selected, the encryption type is WEP-104, and Protect Key is true:

  • Settable if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the Key Type is "Hex Key" and the WPA Mode is "WEP" and the Encryption Type is "WEP-104" and Protect Key is true
  • Parm name: HexKeyWep104Encrypted
  • Description: Provide the shared secret WEP-104 key (26 hex chars) used by the network
  • Parm value input rules:
    • String with exactly 26 valid hexadecimal characters (e.g. 0-9, A-F) that collectively specify a 104 bit binary key value that can be used for either WEP encryption.
  • Currently, this parm cannot be used effectively by an MDM.

Parm Name: HexKeyWEPClear, HexKeyWEPEncrypted, HexKeyWPAClear, HexKeyWPAEncrypted

Requires:

  • MX: 4.2+

WEP Key Index

Some Wi-Fi infrastructure that implements a network using WEP encryption may support multiple WEP keys and a WEP index to indicate which key to use at any given time.

Note: Android does not currently support multiple WEP keys per network. Therefore, only the first WEP key (wep[0]) is supported.

Shown if: The Network Action is "Add a New Network" and the Security Mode is "Personal" and the WPA Mode is "WEP"

Parm Name: WepKeyIndex

Option Name Description Requires
1 wep[0]

MX: +

2 wep[1]

MX: +

3 wep[2]

MX: +

4 wep[3]

MX: +

Set IP Address

Used to specify a static IP address for the device. Must be an address that is unique to the network on which the device will operate.

Parm value input rules:

  • String containing a valid IPv4 address. For example: "192.168.0.100"

Shown if: The Network Action is "Add a New Network" and "Use DHCP" box is unchecked

Parm Name: IpAddress

Requires:

  • MX: 4.2+

Set Default Gateway

Used to specify the IP address of the default gateway for the device, through which packets to and from outside networks are routed. This parameter is required only if the device must have access to (or from) networks beyond its local subnet.

Parm value input rules:

  • String containing a valid IPv4 address. For example: "192.168.0.1"

Shown if: The Network Action is "Add a New Network" and "Use DHCP" box is unchecked

Parm Name: IpGateway1

Requires:

  • MX: 4.2+

Set Subnet Mask

Used to specify a subnet mask for the device, which defines the network subdivision on which the device will operate.

Parm value input rules:

  • String containing a valid IPv4 address. For example: "255.255.255.0"

Shown if: The Network Action is "Add a New Network" and "Use DHCP" box is unchecked

Parm Name: IpMask

Requires:

  • MX: 4.2+

Set Primary DNS

Used to specify the primary domain name server for the device. This parameter is required only if DNS name resolution is required for the device.

Parm value input rules:

  • String containing a valid IPv4 address. For example: "8.8.8.8"

Shown if: The Network Action is "Add a New Network" and "Use DHCP" box is unchecked

Parm Name: IpDns1

Requires:

  • MX: 4.2+

Set Secondary DNS

Used to specify a secondary domain name server for the device. This parameter is required only if an alternate DNS is required for the device.

Parm value input rules:

  • String containing a valid IPv4 address. For example: "8.8.4.4"

Shown if: The Network Action is "Add a New Network" and "Use DHCP" box is unchecked

Parm Name: IpDns2

Requires:

  • MX: 4.2+

Use Proxy

Controls use of a proxy, an intermediary service that routes HTTP traffic between clients on a device and another network (typically the internet or an intranet). When used, proxy settings can be configured manually can be contained in a PAC file for automatic configuration. When there is a proxy between the Wi-Fi network and some outer network, HTTP-based applications might need to negotiate with the proxy to access the services of the outer network.

In MX 5.0 and higher, the data type for this parameter changed from a boolean (1=true; 0=false) to a value selected from the UseProxy list below.

Parm Name: UseProxy

Option Name Description Requires
0 None Since MX 5.0 the use of a code over a boolean value was implemented. This value was unaffected.

MX: 5.0+

1 Manual Since MX 5.0 the use of a code over a boolean was implemented. This value indicates a Manual Proxy.

MX: 5.0+

3 Proxy Auto-Config Automatically use a proxy. This value was introduced in MX 5.0.

MX: 5.0+

Proxy Host Name

Provide the Host Name or IP Address of the computer on which the proxy is running. Host Name can be used only if the network provides suitable name resolution. Otherwise, an IP Address would need to be provided.

Since different Wi-Fi networks may have different proxies connecting them to different outer networks, proxy information, if needed, must be configured for each network.

Parm value input rules:

  • String with a minimum of 1 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: ProxyHostName

Requires:

  • MX: 4.2+

PAC File Url

Provide the Host Name or IP Address of the location of where the proxy PAC file is located. This can be used only if the network provides suitable name resolution. Otherwise, an IP Address would need to be provided.

Since different Wi-Fi networks may have different proxies connecting them to different outer networks, proxy information, if needed, must be configured for each network.

Parm value input rules:

  • String with a minimum of 1 characters and a maximum of 64 characters

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to Proxy Auto-Config.

Parm Name: PROXYPAC

Requires:

  • MX: 5.0+

Proxy Bypass

Used to specify the host name(s) and/or IP address(es) for direct access by a device, bypassing the Proxy server specified in the Proxy Host Name parameter. Multiple names and/or IP addresses can be specified in any combination, separated by commas. Generally used for specifying internal servers and/or as a means to prevent traffic overload on the specified Proxy server. Traffic bound for any host not specifically excluded using this parameter will be routed through the specified Proxy server.

Zebra recommends testing bypass-proxy settings on a working device before general deployment.

Input rules:

  • String from 1-256 characters specifying one or more host names and/or IP addresses separated by commas. For example: "www.MyBypassProxy.com,192.168.1.100, our.internalServer"

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: BypassProxy

Requires:

  • MX: 4.2+

Proxy Port

Provide the port number of the proxy server on the computer on which the proxy is running on which the proxy is listening.

Shown if: The Network Action is "Add a New Network" and "Use Proxy" is set to manual.

Parm Name: ProxyPort

Requires:

  • MX: 4.2+

Advanced Options

Use of Wi-Fi Advanced Options requires the following:

  • PMKID must be turned on to enable PreAuth (PreAuth =1 and PMKID =1)
  • FT must be turned on to enable FTRIC (FT=1 and FTRIC =1)
  • OKC must be turned off (OKC =0 and PMKID =1) to use PMKID caching

WARNING: Wi-Fi Advanced Options should be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced settings can result in undesirable behavior.

Use Advanced Options (checkbox)

Controls Wi-Fi Advanced Options, which whould be used only under the guidance of Zebra Support. Do not use these features unless told to do so by qualified personnel; altering advanced options can result in undesirable device behavior.

Parm Name: UseAdvancedOptions

Option Name Description Requires
1 (checked) Enables the use of Wi-Fi Advanced Options on the device.

MX: 4.2+

0 (unchecked) Disables the use of Wi-Fi Advanced Options on the device.

MX: 4.2+

Auto Time Config

Used to enable/disable AutoTimeConfig feature, a Zebra-specific feature that updates the device timestamp based on Zebra IE in the 802.11 beacon. Not supported on TC70 QC GA1/GA2 running Android KitKat.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: AutoTimeConfig

Requires:

  • MX: 4.2+

HFSR

Used to enable/disable Hyper Fast Secure Roam (HFSR), Zebra's fast roam algorithm. Not supported on TC70 QC GA1/GA2, TC75 GA and TC55 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: HFSR

Requires:

  • MX: 4.2+

Aggregated Fast Transition

Controls the Fast Transition roam algorithm (802.11r), which improves on IEEE 802.11r Over-the-DS fast roaming. When used in conjunction with Zebra wireless LAN infrastructure, the device will achieve more reliable and consistent fast roaming. Enabled by default.

Not supported on TC70 QC GA1 devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: FT

Requires:

  • MX: 4.2+

CKM

Used to enable/disable the CCX roam algorithm (CCKM).

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: CCKM

Requires:

  • MX: 4.2+

FTRIC

Used to enables/disable the Fast Transition Resource Request (802.11r). Not supported on TC70 QC GA1/GA2, TC75 GA or TC55 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: FTRIC

Requires:

  • MX: 4.2+

OKC

Used to enable/disable Opportunistic Key Caching (OKC).

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: OKC

Requires:

  • MX: 4.2+

PreAuth

Used to enable/disable 802.1x Pre-Authentication. Not supported on TC70 QC GA1/GA2 or TC75 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: PreAuth

Requires:

  • MX: 4.2+

Power Save Mode

Used to configure the Power Save Mode from the settings table below. The default "Fast Power Save" value must be used for the "Power Save" parameter; the "Do not change" value will result in failure.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: PowerSave

Option Name Description Requires
0 Do not change

MX: 4.2+

1 Always Active

MX: 4.2+

2 Fast Power Save (Deprecated)

MX: 4.2+

3 Max Power Save (Deprecated)

MX: 4.2+

4 WMM-PS

MX: 4.4+

5 Null Data Power Save

MX: 4.4+

6 PS-POLL

MX: 4.4+

99 Unsupported

MX: 6.2+

PMKID

Used to enable/disable PMKID Caching. If PMKID is enabled, OKC must be disabled for PMKID caching to operate.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: PMKID

Requires:

  • MX: 4.2+

WLAN Power Save Mode

Used to select the Power Save Mode for the WLAN radio.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: WLANPowerSave

Option Name Description Requires
0 WMM-PS

MX: 4.3+

1 Null Data Power Save

MX: 4.3+

2 PS-POLL

MX: 4.3+

3 Do not change

MX: 4.3+

99 Unsupported

MX: 6.2+

Advanced Logging

Used to start or stop advanced Wi-Fi logging.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: AdvancedLogging

Requires:

  • MX: 4.2+

Enable Restricted Settings UI

Used to enable/disable read-only mode for Wi-Fi settings according to the values in the table below. Not supported on TC70 QC GA1/GA2 running Android KitKat.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: PowerSave

Option Name Description Requires
0 Do not change

MX: +

1 Disable Restricted WLAN Settings UI

MX: +

2 Enable Restricted WLAN Settings UI

MX: +

FIPS

Used to enable/disable FIPS data in motion supported in WLAN. WLAN FIPS 140-2, level 1 compliance. Not supported on TC70 QC GA1/GA2, TC75 GA or TC55 GA devices running Android KitKat.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: FIPS

Requires:

  • MX: 4.2+

Radio Resource Management (802.11k)

Used to enable/disable Radio Resource Management, which measures transmit power, data rates and other wireless characteristics in an effort to optimize communication efficiency. Not supported on TC70 QC GA1/GA2 running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: 802.11K

Requires:

  • MX: 4.3+

Management Frame Protection Mode (802.11w)

Used to specify the Management Frame Protection Mode from the values in the table below. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: 802.11w

Option Name Description Requires
0 No MFP

MX: 4.3+

1 Capable

MX: 4.3+

2 Mandatory

MX: 4.3+

3 Do not change

MX: 4.3+

99 Unsupported

MX: 6.2+

Select Band Preference

Used to specify the preferred Wi-Fi band. Not supported on MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: BandPreference

Option Name Description Requires
0 No Preference

MX: 4.3+

1 Prefer 2.4GHz

MX: 4.3+

2 Prefer 5.0GHz

MX: 4.3+

3 Do not change

MX: 4.3+

99 Unsupported

MX: 6.2+

FT Over The DS

Used to enable/disable Fast Transition over the Distribution System (FTOverTheDS). Enabled by default. Also known as 802.11r Over-the-DS, this fast roam standard reduces the number frames exchanged when the device roams from one AP to another if the infrastructure supports it. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: FTOverTheDS

Requires:

  • MX: 4.3+

ScanAssist

Used to enable/disable ScanAssist. This feature improves roaming on Zebra devices by allowing the device to monitor neighboring access points to retrieve roam-related information from the Zebra wireless LAN infrastructure without doing scans. Enabled by default.

Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: ScanAssist

Requires:

  • MX: 4.3+

AggregatedFT

Used to enable/disable the AggregatedFT feature. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: AggregatedFT

Requires:

  • MX: 4.3+

Coverage Hole Detection

Used to enable/disable Coverage Hole Detection, which reports gaps in signal coverage to the Zebra wireless LAN infrastructure. Enabled by default. Network administrators can detect and mitigate coverage gaps present in the network for greater reliability. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: CHD

Requires:

  • MX: 4.3+

Subnet Roam

Used to enable subnet roaming. Not supported on TC70 QC GA1/GA2, TC75 GA, or TC55 GA devices running Android KitKat, or MPA3 RevB-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: SubNetRoam

Requires:

  • MX: 4.4+

WAN Country

Used to enable/disable WAN Country, which obtains country information from the WAN Interface (GSM/CDMA base station) and applies regulatory rules based on the Country Code received. Supported only on WAN based devices. Not supported on TC70 QC GA1/GA2 running Android KitKat, or MPA3 RevB- or RevC-based devices running Android Jelly Bean.

Important: Wi-Fi Advanced Options should be used only at the direction of Zebra Support or other qualified personnel. Altering this setting can result in undesirable behavior.

Shown if: The "Use Advanced Options" box is checked.

Parm Name: WANCountry

Requires:

  • MX: 4.3+

Use Hotspot Options (checkbox)

Determines whether the device can be used as a Wi-Fi hotspot. Hotspot functionality is supported only on Zebra ET50 and ET56 devices running Android 5.0 Lollipop.

Parm Name: UseHotspotOptions

Option Name Description Requires
0 (unchecked) Prevents the device from being used as a Wi-Fi hotspot.

MX: 6.3+

1 (checked) Allows the device to be used as a Wi-Fi hotspot.

MX: 6.3+

Hotspot Enable/Disable

This is the On/Off switch for hotspot functionality on the device. When enabled, the device uses the settings configured with the hotspot parameters below to act as an access point for nearby devices to connect to the internet, sharing the device's Wi-Fi or cellular connection. Hotspot functionality is supported only on Zebra ET50 and ET56 devices running Android 5.0 Lollipop.

Shown if: The "Use Hotspot Options" checkbox is checked

Parm Name: Hotspot

Option Name Description Requires
2 Do not change This value (or the absence of this parm from the XML) will cause no change to the current Wi-Fi setting; any previously selected setting will be retained.

MX: 6.3+

1 Enable Enables the device to be used as a Wi-Fi hotspot.

MX: 6.3+

0 Disable Disables use of the device as a Wi-Fi hotspot.

MX: 6.3+

Hotspot SSID

Used to specify the Wi-Fi hotspot Service Set Identifier (SSID), the name visible to devices attempting to select the hotspot as an internet access point.

Parm value input rules:

  • String from 1-32 characters containing the desired SSID (case sensitive)

Shown if: The "Specify Hotspot Options" checkbox is checked and "Hotspot" is set to "Enable"

Parm Name: HotspotSSID

Requires:

  • MX: 6.3+

Hotspot RF Band

Used to specify which RF band(s) the device will use for 802.11 communications when configured as a Wi-Fi hotspot. This parameter is usually set automatically through negotiation with the Wi-Fi infrastructure. However, it might sometimes be desirable to limit Wi-Fi communications to certain bands, leaving other bands free for other purposes.

Shown if: The "Specify Hotspot Options" checkbox is checked and "Hotspot" is set to "Enable"

Parm Name: Hotspotband

Option Name Description Requires
0 2.4GHz Enables the 2.4GHz band for hotspot communications.

MX: 6.3+

1 5GHz Enables the 5GHz band for hotspot communications.

MX: 6.3+

Set Hotspot 2.4GHz Channel

Used to set the Wi-Fi communication channel to be used by devices connecting to the device to its Wi-Fi hotspot on the 2.4GHz band.

Shown if: The "Specify Hotspot Options" checkbox is checked and "Hotspot Band" is "2.4GHz"

Parm Name: Hotspot24GHz

Option Name Description Requires
1 1 Selects channel 1 on the 2.4GHz band

MX: 6.3+

2 1 Selects channel 2 on the 2.4GHz band

MX: 6.3+

3 3 Selects channel 3 on the 2.4GHz band

MX: 6.3+

4 4 Selects channel 4 on the 2.4GHz band

MX: 6.3+

5 5 Selects channel 5 on the 2.4GHz band

MX: 6.3+

6 6 Selects channel 6 on the 2.4GHz band

MX: 6.3+

7 7 Selects channel 7 on the 2.4GHz band

MX: 6.3+

8 8 Selects channel 8 on the 2.4GHz band

MX: 6.3+

9 9 Selects channel 9 on the 2.4GHz band

MX: 6.3+

10 10 Selects channel 10 on the 2.4GHz band

MX: 6.3+

11 11 Selects channel 11 on the 2.4GHz band

MX: 6.3+

Set Hotspot 5GHz Channel

Used to set the Wi-Fi communication channel to be used by devices connecting to the device to its Wi-Fi hotspot on the 5GHz band. This band is not supported on Zebra ET50 and ET56 devices.

Shown if: The "Specify Hotspot Options" checkbox is checked and "Hotspot Band" is "5GHz"

Parm Name: Hotspot5GHz

Option Name Description Requires
36 36 Selects channel 36 on the 5GHz band

MX: 6.3+

40 40 Selects channel 40 on the 5GHz band

MX: 6.3+

44 44 Selects channel 44 on the 5GHz band

MX: 6.3+

48 48 Selects channel 48 on the 5GHz band

MX: 6.3+

52 52 Selects channel 52 on the 5GHz band

MX: 6.3+

60 60 Selects channel 60 on the 5GHz band

MX: 6.3+

64 64 Selects channel 64 on the 5GHz band

MX: 6.3+

100 100 Selects channel 100 on the 5GHz band

MX: 6.3+

104 104 Selects channel 104 on the 5GHz band

MX: 6.3+

108 108 Selects channel 108 on the 5GHz band

MX: 6.3+

112 112 Selects channel 112 on the 5GHz band

MX: 6.3+

116 116 Selects channel 116 on the 5GHz band

MX: 6.3+

120 120 Selects channel 120 on the 5GHz band

MX: 6.3+

124 124 Selects channel 124 on the 5GHz band

MX: 6.3+

128 128 Selects channel 128 on the 5GHz band

MX: 6.3+

132 132 Selects channel 132 on the 5GHz band

MX: 6.3+

136 136 Selects channel 136 on the 5GHz band

MX: 6.3+

140 140 Selects channel 140 on the 5GHz band

MX: 6.3+

149 149 Selects channel 149 on the 5GHz band

MX: 6.3+

153 153 Selects channel 153 on the 5GHz band

MX: 6.3+

157 157 Selects channel 157 on the 5GHz band

MX: 6.3+

161 161 Selects channel 161 on the 5GHz band

MX: 6.3+

165 165 Selects channel 165 on the 5GHz band

MX: 6.3+

Hotspot Security Mode

Controls whether user credentials will be required on a device before allowing it to connect to the Wi-Fi hotspot.

Shown if: The "Specify Hotspot Options" checkbox is checked and "Hotspot" is set to "Enable"

Parm Name: HotspotSecurityMode

Option Name Description Requires
0 Open Allows any device to connect to the Wi-Fi hotspot without entering credentials.

MX: 6.3+

1 WPA2/PSK Requires user credentials to be entered before allowing a connection to the Wi-Fi hotspot.

MX: 6.3+

Hotspot Passphrase Clear

Used to provide a password for accessing the hotspot and to store it as clear text.

Parm value input rules:

  • String from 1-32 characters containing the hotspot password

Shown if: The "Specify Hotspot Options" is checked, the "Protect Hotspot Passphrase" checkbox is unchecked and "Hotspot" is set to "Enable"

Parm Name: HotspotPassphraseClear

Requires:

  • MX: 6.3+

Protect Hotspot Passphrases (checkbox)

Determines whether the hotspot password stored on the device is encrypted, thereby preventing access to the password by an application or malicious exploit.

Shown if: Hotspot is set to "Enable" and Hotspot Security mode is not "Open"

Parm Name: ProtectHotspotPassphrases

Option Name Description Requires
0 (unchecked) Stores hotspot passwords as clear text

MX: 6.3+

1 (checked) Stores hotspot password as encrypted text

MX: 6.3+

Hotspot Passphrase Encrypted

Used to provide a password for accessing the hotspot and to store it in encrypted form.

Parm value input rules:

  • String from 1-32 characters containing the hotspot password

Shown if: The "Specify Hotspot Options" and "Protect Hotspot Passphrase" checkboxes are checked, "Hotspot" is set to "Enable" and "Hotspot Security Mode" is "WPA2/PSK"

Parm Name: HotspotPassphraseEncrypted

Requires:

  • MX: 6.3+

Use OmniTrail Options (checkbox)

Determines whether OmniTrail device location services are used and their options configurable.

Parm Name: UseOmniTrailOptions

Option Name Description Requires
0 (unchecked) Disables OmniTrail device location services and options.

MX: 6.3+

1 (checked) Enables OmniTrail device location services and options.

MX: 6.3+

OmniTrail Enable/Disable

This is the On/Off switch for OmniTrail location services and options on the device.

Shown if: The "Specify OmniTrail Options" checkbox is checked

Parm Name: OmniTrailEnable

Option Name Description Requires
2 Do not change This value (or the absence of this parm from the XML) will cause no change to the current Wi-Fi setting; any previously selected setting will be retained.

MX: 6.3+

1 Enable Enables OmniTrail device location services and options.

MX: 6.3+

0 Disable Disables OmniTrail device location services and options.

MX: 6.3+

OmniTrail Data-Rate Option

Controls the Wi-Fi operating mode to be used by OmniTrail device location services.

Shown if: The "Specify OmniTrail Options" checkbox is checked

Parm Name: OmniTrailDataRateOption

Option Name Description Requires
0 abg Sets Wi-Fi for 802.11abg mode.

MX: 6.3+

1 11n Sets Wi-Fi for 802.11n mode.

MX: 6.3+

2 11ac Sets Wi-Fi for 802.11ac mode.

MX: 6.3+

3 Do not change This value (or the absence of this parm from the XML) will cause no change to the current Wi-Fi setting; any previously selected setting will be retained.

MX: 6.3+

OmniTrail "abg" Data Rates

Sets the data rate used when OmniTrail device location services operate in 802.11abg mode.

Shown if: The "Specify OmniTrail Options" checkbox is checked and "OmniTrail DataRate Options" is set to "abg"

Parm Name: datarate_abg

Option Name Description Requires
0 1 Sets the data rate to 1 Mbps

MX: 6.3+

1 2 Sets the data rate to 2 Mbps

MX: 6.3+

2 5.5 Sets the data rate to 5.5 Mbps

MX: 6.3+

3 6 Sets the data rate to 6 Mbps

MX: 6.3+

4 9 Sets the data rate to 9 Mbps

MX: 6.3+

5 11 Sets the data rate to 11 Mbps

MX: 6.3+

6 12 Sets the data rate to 12 Mbps

MX: 6.3+

7 18 Sets the data rate to 18 Mbps

MX: 6.3+

8 24 Sets the data rate to 24 Mbps

MX: 6.3+

9 36 Sets the data rate to 36 Mbps

MX: 6.3+

10 48 Sets the data rate to 48 Mbps

MX: 6.3+

11 54 Sets the data rate to 54 Mbps

MX: 6.3+

OmniTrail "11ac" Data Rates

Sets the data rate used when OmniTrail device location services operate in 802.11ac mode.

Shown if: The "Specify OmniTrail Options" checkbox is checked and "OmniTrail DataRate Options" is set to "11ac"

Parm Name: datarate_11ac

Option Name Description Requires
28 MCS0_1 Sets the data rate to 29.3 Mbps

MX: 6.3+

29 MCS1_1 Sets the data rate to 58.5 Mbps

MX: 6.3+

30 MCS2_1 Sets the data rate to 87.8 Mbps

MX: 6.3+

31 MCS3_1 Sets the data rate to 117 Mbps

MX: 6.3+

32 MCS4_1 Sets the data rate to 175.5 Mbps

MX: 6.3+

33 MCS5_1 Sets the data rate to 234 Mbps

MX: 6.3+

34 MCS6_1 Sets the data rate to 263.3 Mbps

MX: 6.3+

35 MCS7_1 Sets the data rate to 292.5 Mbps

MX: 6.3+

36 MCS8_1 Sets the data rate to 351 Mbps

MX: 6.3+

37 MCS9_1 Sets the data rate to 390 Mbps

MX: 6.3+

38 MCS0_2 Sets the data rate to 58.5 Mbps

MX: 6.3+

39 MCS1_2 Sets the data rate to 117 Mbps

MX: 6.3+

40 MCS2_2 Sets the data rate to 175.5 Mbps

MX: 6.3+

41 MCS3_2 Sets the data rate to 234 Mbps

MX: 6.3+

42 MCS4_2 Sets the data rate to 351 Mbps

MX: 6.3+

43 MCS5_2 Sets the data rate to 468 Mbps

MX: 6.3+

44 MCS6_2 Sets the data rate to 526.5 Mbps

MX: 6.3+

45 MCS7_2 Sets the data rate to 585 Mbps

MX: 6.3+

46 MCS8_2 Sets the data rate to 702 Mbps

MX: 6.3+

47 MCS9_2 Sets the data rate to 780 Mbps

MX: 6.3+

OmniTrail "11n" Data Rates

Sets the data rate used when OmniTrail device location services operate in 802.11n mode.

Shown if: The "Specify OmniTrail Options" checkbox is checked and "OmniTrail DataRate Options" is set to "11n"

Parm Name: datarate_11n

Option Name Description Requires
12 MCS0 Sets the data rate to 6.5 Mbps

MX: 6.3+

13 MCS1 Sets the data rate to 13 Mbps

MX: 6.3+

14 MCS2 Sets the data rate to 19.5 Mbps

MX: 6.3+

15 MCS3 Sets the data rate to 26 Mbps

MX: 6.3+

16 MCS4 Sets the data rate 39 Mbps

MX: 6.3+

17 MCS5 Sets the data rate to 52 Mbps

MX: 6.3+

18 MCS6 Sets the data rate 58.5 Mbps

MX: 6.3+

19 MCS7 Sets the data rate 65 Mbps

MX: 6.3+

20 MCS8 Sets the data rate 13 Mbps

MX: 6.3+

21 MCS9 Sets the data rate to 26 Mbps

MX: 6.3+

22 MCS10 Sets the data rate to 39 Mbps

MX: 6.3+

23 MCS11 Sets the data rate to 52 Mbps

MX: 6.3+

24 MCS12 Sets the data rate to 78 Mbps

MX: 6.3+

25 MCS13 Sets the data rate to 104 Mbps

MX: 6.3+

26 MCS14 Sets the data rate to 117 Mbps

MX: 6.3+

27 MCS15 Sets the data rate to 130 Mbps

MX: 6.3+

OmniTrail Type

Specifies the type of OmniTrail services to be used according to the access points in use at the facility.

Shown if: The "Specify OmniTrail Options" checkbox is checked

Parm Name: OmniTrailType

Option Name Description Requires
2 Do not change This value (or the absence of this parm from the XML) will cause no change to the current Wi-Fi setting; any previously selected setting will be retained.

MX: 6.3+

1 Enable Enables OmniTrail services for Extreme Networks APs.

MX: 6.3+

0 Disable Enables OmniTrail services for Cisco APs.

MX: 6.3+

OmniTrail Subtype

Used to select the OmniTrail Subtype, which configures additional settings for the Wi-Fi access point selected in OmniTrailType parameter.

Shown if: The "Specify OmniTrail Options" checkbox is checked

Parm Name: OmniTrailSubtype

Option Name Description Requires
16 Do not change This value (or the absence of this parm from the XML) will cause no change to the current Wi-Fi setting; any previously selected setting will be retained.

MX: 6.3+

0 0 Sets the OmniTrail Subtype to 0.

MX: 6.3+

1 1 Sets the OmniTrail Subtype to 1.

MX: 6.3+

2 1 Sets the OmniTrail Subtype to 2.

MX: 6.3+

3 3 Sets the OmniTrail Subtype to 3.

MX: 6.3+

4 4 Sets the OmniTrail Subtype to 4.

MX: 6.3+

5 5 Sets the OmniTrail Subtype to 5.

MX: 6.3+

6 6 Sets the OmniTrail Subtype to 6.

MX: 6.3+

7 7 Sets the OmniTrail Subtype to 7.

MX: 6.3+

8 8 Sets the OmniTrail Subtype to 8.

MX: 6.3+

9 9 Sets the OmniTrail Subtype to 9.

MX: 6.3+

10 10 Sets the OmniTrail Subtype to 10.

MX: 6.3+

11 11 Sets the OmniTrail Subtype to 11.

MX: 6.3+

12 12 Sets the OmniTrail Subtype to 12.

MX: 6.3+

13 13 Sets the OmniTrail Subtype to 13.

MX: 6.3+

14 14 Sets the OmniTrail Subtype to 14.

MX: 6.3+

15 15 Sets the OmniTrail Subtype to 15.

MX: 6.3+

OmniTrail Priority

Used to assign a Priority to the OmniTrail service from lowest (0) to highest (3).

Shown if: The "Specify OmniTrail Options" checkbox is checked

Parm Name: OmniTrailPriority

Option Name Description Requires
4 Do not change This value (or the absence of this parm from the XML) will cause no change to the current Wi-Fi setting; any previously selected setting will be retained.

MX: 6.3+

0 0 Sets the OmniTrail Priority to 0 (lowest).

MX: 6.3+

1 1 Sets the OmniTrail Priority to 1.

MX: 6.3+

2 2 Sets the OmniTrail Priority to 2.

MX: 6.3+

3 3 Sets the OmniTrail Priority to 3 (highest).

MX: 6.3+

OmniTrail Channel

Used to specify as many as four (4) OmniTrail Channels from the 2.4GHz and/or 5GHz bands to which to apply OmniTrail device-location services.

Parm value input rules:

  • String containing a comma-separated list of 1-4 channels from 2.4GHz and/or 5GHz bands

Shown if: The "Specify OmniTrail Options" checkbox is checked

Parm Name: OmniTrailChannel

Requires:

  • MX: 6.3+

Examples

Managing Certificates Related to Wi-Fi Networks

Initialize the Android KeyStore

Note: Must be done for any new device before installing certificates.

Without a password:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="4"/>
    </characteristic>
</wap-provisioningdoc>


With a password:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="4"/>
        <characteristic type="keystore-details">
            <parm name="KeystorePassword" value="password"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Remove a Certificate:


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="2"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName1"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a CA certificate (.PEM file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="5"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileCA" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate (.PEM file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="6"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate and private key (.PFX file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="8"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate and private key (.P12 file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="9"/>
            <parm name="CertMethod" value="2"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Install a client certificate and private key (.PKCS12 file):


<wap-provisioningdoc>
    <characteristic type="CertMgr" version="4.2" >
        <parm name="CertAction" value="1"/>
        <characteristic type="cert-details">
            <parm name="CertAlias" value="certName2"/>
            <parm name="CertType" value="9"/>
            <parm name="CertMethod" value="10"/>
            <parm name="CertFileClient" value="/path/to/cert.pem"/>
            <parm name="CertAdjustClock" value="false"/>
            <parm name="PrivateKeyPassword" value="pass"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Country Selection

Selecting a Country:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="1"/>
        <characteristic type="Regulatory">
            <parm name="Country" value="US"/>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Using the Auto Option:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="1"/>
        <characteristic type="Regulatory">
            <parm name="Country" value="AUTO"/>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Band Selection

Set 2.4GHz:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="2.4GHz"/>
            <characteristic type="ChannelSelection">
                <parm name="2.4GHzChannels" value="1"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Set 5.0GHz:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="5.0GHz"/>
            <characteristic type="ChannelSelection">
                <parm name="5.0GHzChannels" value="36"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Set Auto (both 2.4 and 5.0GHz):


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <characteristic type="Radio">
            <parm name="BandSelection" value="Auto"/>
            <characteristic type="ChannelSelection">
                <parm name="2.4GHzChannels" value="1"/>
                <parm name="5.0GHzChannels" value="36"/>
            </characteristic>
        </characteristic>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
    </characteristic>
</wap-provisioningdoc>


Add Wi-Fi Network

Adding an Open Network:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="0"/>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="1"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA and TKIP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="1"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWPA" value="1"/>
                </characteristic>
            </characteristic>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="2"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WPA/WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="3"/>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWPAClear" value="KsdU6X3u"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding a Personal Network with WEP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="1"/>
            <parm name="WPAMode" value="4"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWEP" value="1"/>
                </characteristic>
            </characteristic>
            <characteristic type="key-details">
                <parm name="KeyType" value="Passphrase"/>
                <parm name="ProtectKey" value="0"/>
                <parm name="PassphraseWEPClear" value="KsdU6X3u"/>
                <parm name="WepKeyIndex" value="1"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WPA:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="1"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="2"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WPA/WPA2:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="3"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>


Adding an Enterprise Network with WEP:


<wap-provisioningdoc>
    <characteristic type="Wi-Fi" version="4.4" >
        <parm name="UseRegulatory" value="0"/>
        <parm name="UseDiagnosticOptions" value="0"/>
        <parm name="UseAdvancedOptions" value="0"/>
        <parm name="NetworkAction" value="Add"/>
        <characteristic type="network-profile">
            <parm name="SSID" value="Zebra"/>
            <parm name="SecurityMode" value="2"/>
            <parm name="WPAMode" value="4"/>
            <parm name="Authentication" value="1"/>
            <characteristic type="auth-details">
                <characteristic type="encryption-details">
                    <parm name="EncryptionWEP" value="1"/>
                </characteristic>
                <parm name="OptionalServerCertificate" value="serverCertName"/>
                <parm name="MandatoryClientCertificate" value="clientCertName"/>
            </characteristic>
            <parm name="UseDHCP" value="1"/>
            <parm name="UseProxy" value="0"/>
        </characteristic>
    </characteristic>
</wap-provisioningdoc>

OmniTrail Flag

Used to specify the OmniTrail flag.

Shown if: The "Specify OmniTrail Options" checkbox is checked

Parm Name: OmniTrailFlag

Option Name Description Requires
4 Do not change This value (or the absence of this parm from the XML) will cause no change to the current Wi-Fi setting; any previously selected setting will be retained.

MX: 6.3+

3 3 Sets the OmniTrail flag to 3.

MX: 6.3+

2 2 Sets the OmniTrail flag to 2.

MX: 6.3+

1 1 Sets the OmniTrail flag to 1.

MX: 6.3+

0 0 Sets the OmniTrail flag to 0.

MX: 6.3+

OmniTrail Interval

Used to specify the interval (in ms) at which to emit a locational beacon. More frequent beacon emmissions are generally more effective at determining location of devices that are indoors or within other tightly bounded spaces.

Parm value input rules:

  • Integer from 200-5000 (ms) containing the desired interval at which to emit a locational beacon

Shown if: The "Specify OmniTrail Options" checkbox is checked

Parm Name: OmniTrailInterval

Requires:

  • MX: 6.3+

Captive Portal Detection

This is the On/Off switch for the detection of a Captive Portal, which requires user interaction to activate an open Wi-Fi connection. Captive portals are often used on public-access networks such as those at airports, hotels and coffee shops.

Parm Name: OmniTrailPriority

Option Name Description Requires
2 Do not change This value (or the absence of this parm from the XML) will cause no change to the setting; any previously selected setting will be retained.

MX: 6.3+

1 Enable Enables the detection of a captive portal.

MX: 6.3+

0 Disable Disables the detection of a captive portal.

MX: 6.3+