Docs
mobileIoT Hardware
Documentation

Wi-Fi interface profiles

IMPORTANT:
The Wi-Fi profiles are only valid and processed by the device if the Virtual Ethernet-Wi-Fi Brigde is DISABLE .

As like the other interface profile settings, one can navigate to the Wi-Fi profiles through the Network profiles section in the Network management.

After navigating to the Wi-Fi interface profiles through the Network Profiles section, one can have one or multiple profiles.

🎯 TIP :
It is HIGHLY recommended to only use one Wi-Fi interface profile as deep network technology knowledge is required to configure multiple profiles.

Now navigate to one of the Profiles.

General Wi-Fi preferences

Profile name

Give the ethernet connection a unique name,

  • default: Wireless connection
Automatically join this network when available

Connect this profile automatically when the resources for this connection become available. When disabled the profile will be “parked” in the configuration, but not actively used.

Connection Priority

Priority for profiles that are configured to auto connect, this setting spans over all profiles of all interfaces where the autoconnect setting is set to true. A higher number means higher priority.

  • Range: 0 .. 1000
  • default: 0
Number of connection retries

Number of times to retry to connect the profile automatically before giving up. When autoconnection fails after the given number of retries, the next highest priority profile will be used. A value of zero means retry forever.

  • default: -1

Operating mode & Security

The Wi-Fi interface has three operation mode, which will be described in detail in the next section.


Hotspot configuration

In Hotspot mode, the device acts as WiFi Hotspot or also known Access Point.

SSID

SSID of the Wi-Fi network.

  • default: CR3171_<<LAST 4 DIGITS OF MACLAN_MAC>>
Hide SSID

This option controls if the SSID of the Wi-Fi network is hidden or visible.

  • default: OFF
Security

Key management configuration for the WiFi connection.

Options:
  • unencrypted , No further setting required
  • WPA/PSK, a password will be required
  • SAE, a password will be required
  • OWE, No further settings required
  • WPA/EAP, Some more settings are required, see description below.
🎯 TIP :
More information what the options means is described below.
🎯 TIP :
More information about the various security types:
WPA/PSK : Wikipedia - WPA terminology
OWE : Wikipedia - Opportunistic Wireless Encryption
SAE : Wikipedia - Simultaneous Authentication of Equals
WPA/EAP : Wikipedia - Extensible Authentication Protocol
Password

In case of WPA/PSK , the Password is the Pre-Shared Key for the WPA secured connection.

In case of security type SAE , the password will be handled according to the SAE Authentication method.

  • default: <empty>
WPA/EAP

When the WPA/EAP option is chosen, some more settings has to be entered.

Username

Available when security type is set to WPA/EAP , is the EAP Username.

  • default: <empty>
Password

Available when security type is set to WPA/EAP , is the EAP password.

  • default: <empty>
Anonymous identity

Available when security type is set to WPA/EAP , is the EAP Anonymous identity.

  • default: <empty>
Domain

Available when security type is set to WPA/EAP , is the EAP Domain.

  • default: <empty>
CA Certificate

Available when security type is set to WPA/EAP , is the EAP CA certificate in PEM format.

  • default: <empty>


Client configuration

In Wi-Fi Client mode, the Wi-Fi interface will try to connect to the configured Wi-Fi network.


The following settings are available setting up a Wi-Fi client:

SSID

SSID of the Wi-Fi network.

  • default: CR3171_<<LAST 4 DIGITS OF MACLAN_MAC>>
BSSID

Optional Basic Service Set Identifier for the Wi-Fi network.

  • default: <empty>
Security

Key management configuration for the WiFi connection.

Options:
  • unencrypted , No further setting required
  • WPA/PSK, a password will be required
  • SAE, a password will be required
  • OWE, No further settings required
  • WPA/EAP, Some more settings are required, see description below.
🎯 TIP :
More information what the options means is described below.
🎯 TIP :
More information about the various security types:
WPA/PSK : Wikipedia - WPA terminology
OWE : Wikipedia - Opportunistic Wireless Encryption
SAE : Wikipedia - Simultaneous Authentication of Equals
WPA/EAP : Wikipedia - Extensible Authentication Protocol
Password

In case of WPA/PSK , the Password is the Pre-Shared Key for the WPA secured connection.

In case of security type SAE , the password will be handled according to the SAE Authentication method.

  • default: <empty>
WPA/EAP

When the WPA/EAP option is chosen, some more settings has to be entered.

Username

Available when security type is set to WPA/EAP , is the EAP Username.

  • default: <empty>
Password

Available when security type is set to WPA/EAP , is the EAP password.

  • default: <empty>
Anonymous identity

Available when security type is set to WPA/EAP , is the EAP Anonymous identity.

  • default: <empty>
Domain

Available when security type is set to WPA/EAP , is the EAP Domain.

  • default: <empty>
CA Certificate

Available when security type is set to WPA/EAP , is the EAP CA certificate in PEM format.

  • default: <empty>


Ad-hoc configuration

A Wi-Fi ad-hoc connection is a decentralized network where devices communicate directly without a central access point (AP). It forms a Basic Service Set (BSS) with a randomly generated BSSID that identifies the network. Devices collaboratively manage the connection, and all participants share the same BSSID. Ad-hoc networks are ideal for temporary setups like file sharing or gaming, especially in areas without infrastructure. While easy to set up and useful for peer-to-peer communication, they are limited in range, scalability, and security due to the absence of centralized control.

In this mode only to fields are to be configured.

Security

Key management configuration for the WiFi connection.

Options:
  • unencrypted, No further setting required
  • WPA/PSK, a password will be required
  • SAE, a password will be required
  • OWE, No further settings required
  • WPA/EAP, Some more settings are required, see description below.
🎯 TIP :
More information what the options means is described below.
🎯 TIP :
More information about the various security types:
WPA/PSK : Wikipedia - WPA terminology
OWE : Wikipedia - Opportunistic Wireless Encryption
SAE : Wikipedia - Simultaneous Authentication of Equals
WPA/EAP : Wikipedia - Extensible Authentication Protocol
Password

In case of WPA/PSK , the Password is the Pre-Shared Key for the WPA secured connection.

In case of security type SAE , the password will be handled according to the SAE Authentication method.

  • default: <empty>
WPA/EAP

When the WPA/EAP option is chosen, some more settings has to be entered.

Username

Available when security type is set to WPA/EAP , is the EAP Username.

  • default: <empty>
Password

Available when security type is set to WPA/EAP , is the EAP password.

  • default: <empty>
Anonymous identity

Available when security type is set to WPA/EAP , is the EAP Anonymous identity.

  • default: <empty>
Domain

Available when security type is set to WPA/EAP , is the EAP Domain.

  • default: <empty>
CA Certificate

Available when security type is set to WPA/EAP , is the EAP CA certificate in PEM format.

default: <empty>

Band and IP configuration method

Band

This option configures the 802.11 frequency band of the network, i.e. the device will not join the network if the band does not match, even if all other options are compatible.

Options:
  • auto,
  • A (5 GHz),
  • B/G (2.4 GHz)
Channel

Wireless channel to use for this connection, the value of zero means, that the channel will be chosen automatically. Explicitly setting this option will ensure that the device only joins a network on the specified channel.

Options:
  • Band B/G :
    • 1 - 14
  • Band A:
    • As this is regional depended, please visit Wikipedia to select the right channel within your region.
IP configuration method

IP configuration method, by default the interface is set to use link-local, i.e. auto-ip configuration which makes sure that the device does not disrupt an existing network when plugged in.


Options:
  • auto, the interface will be configured as DHCP client and therefore will be assigned a IP address from an external DHCP router. No IPv4 address has to be configured.
  • manual, In manual mode, the IPv4 Address defines the network and mask, the device IP is set through IPv4 Gateway..
  • link-local, a link-local address is a network address that is valid only for communications on a local link, i.e. within a subnetwork that a host is connected to. IPv4 link-local unicast addresses are assigned from address block 169.254.0.0/16 ( 169.254.0.0 through 169.254.255.255 ).
  • shared, In shared or DHCP mode, the device's Network Manager sets up the DHCP server to manage IP addresses. It reserves 10% of the total range (up to 8 addresses) for devices that need fixed IPs, while the rest of the addresses are automatically assigned to devices as needed. Below this is explained through examples.
IPv4 Address

IP address used for either static IP, when method is set to manual or DHCP server configurations when the shared method is selected. The CIRD notation is used to define the subnet mask.

By using e.g. 192.168.82.1/24 the device will be part of the 192.168.82.0 network and will allow access or communication from IPs in the range of 192.168.82.1 - 192.168.82.255

🎯 Tip: As security measure it is advisable to tighten the allowed IPs on the network as possible, for instance to use /29 or 255.255.255.248 subnet to only allow 6 address on the network, as 192.168.82.0 is the network address and 192.168.82.7 is the broadcast address and 192.168.82.1 - 192.168.82.6 remains available.
Example - default setting

192.168.82.1/24 will result in:

  • Network = 192.168.82.0/24
  • Host = 192.168.82.1
  • Static IP range = 192.168.82.2 - 192.168.82.10
  • Dynamic IP range = 192.168.82.11 - 192.168.82.254
  • Broadcast IP = 192.168.82.255
Example 2 - Ready for controller and display & secure

When a network is setup with ifm controllers and displays which are by default respectively configured with 192.168.82.247 and 192.168.82.245 , it make sense to

192.168.82.240/29 will result in:

  • Network = 192.168.82.240/29
  • Host = 192.168.82.241
  • Static IP range = None as only 6 addresses are available (6/10) = 0
  • Dynamic IP range = 192.168.82.242 - 192.168.82.246
  • Broadcast IP = 192.168.82.247
⚠ The Broadcast IP unfortunately collides with the IP address of the controller, for this there are two solutions:
  • more secure: change the (static) IP address of the controller and keep the pool of 6 available IPs.
  • no change needed: set the subnet mask to /28 instead of /29 , this will the increase the available IP range from 6 to 14, which is less secure but no change is needed of the controller IP address.
Example 3 - higher host IP, lower half of range

192.168.82.100/24 will result in:

  • Network = 192.168.82.0/24
  • Host = 192.168.82.100
  • Static IP range = 192.168.82.101 - 192.168.82.108 , but also 192.168.82.1 - 192.168.82.100
  • Dynamic IP range = 192.168.82.109 - 192.168.82.254
  • Broadcast IP = 192.168.82.255
Example 4 - higher host IP, upper half of range

192.168.82.200/24 will result in:

  • Network = 192.168.82.0/24
  • Host = 192.168.82.200
  • Static IP range = 192.168.82.192 - 192.168.82.200 , but also 192.168.82.201 - 192.168.82.254
  • Dynamic IP range = 192.168.82.1 - 192.168.82.191
  • Broadcast IP = 192.168.82.255
IPv4 gateway

If the manual mode is selected one can setup the Static IP address of the gateway. Keep in mind this should be in the given subnet range.

DNS servers

It is possible to setup three additional DNS servers if required.