Skip to main content

Network Requirements For imp-enabled Devices

Ensure Your Devices Are Able To Connect Smoothly

To confirm that your imp-enabled Development and Production Devices are able to connect to the Internet smoothly, you should understand the types of network that imp modules support, how they maintain WiFi security — those which connect this way — and how they communicate through a firewall. This will help you advise your end-users and troubleshoot their network-related technical queries.

WiFi

Note Please see this page for information about WPA3.

Most imps are designed to use 802.11n WiFi operating in the 2.4GHz band. They are compatible with older 2.4GHz 802.11b and 802.11g networks.

Only the imp005 and some imp006 variants are compatible with 802.11n networks which operate in the 5GHz band. They are also compatible with 802.11a. The dual-band imp006 variant (imp006a) is also compatible with 802.11ac).

The impC001 is not able to connect by WiFi.

Some 802.11n routers are marked ‘dual band’ — they can operate in both the 2.4GHz and the 5GHz bands, sometimes simultaneously. For imp001-, imp002-, imp003- and imp004m-based devices, these routers should be set to provide a 2.4GHz network, either in place of a 5GHz network or alongside it.

Many routers, irrespective of the type of WiFi they support, can be set to host a ‘hidden’ network — the network’s SSID is not broadcast for devices to detect. End-users who choose to operate a hidden network can still connect imp-enabled devices to it, but they must be able to enter the network’s name in your mobile app so that the non-broadcast SSID can be passed to the device during BlinkUp™.

For security reasons, no imp can be configured to operate as a WiFi hotspot (access point).

WiFi Regions

Early Developer Edition imp001s, and all US-sold imp cards and modules, can’t use WiFi channels 12 and 13. If you or an end-user are having trouble connecting a device and you or they are outside of the US, please ensure the wireless router is not set to channel 12 or 13.

WiFi Security

Every WiFi-compatible imp module is capable of determining what kind of security — WEP, WPA or WPA2 — is being used by the network it is attempting to connect to. It supports all of these ‘consumer’ security mechanisms.

WPS

Most WiFi-compatible imps can receive a WPS (WiFi Protected Setup) code and use it to securely log into your router.

The imp005 does not support WPS. Please use the standard SSID/password login instead for imp005-based developer devices, and do not offer WPS as an option to end-users in your BlinkUp app.

Please see this page for information about WPA3.

Removing Your Password

If you configure an imp-enabled device to connect to your password-protected WiFi network but subsequently downgrade the security of the network by removing the password, the on-board imp will no longer connect to the network. To re-connect, the device must be reconfigured with a blank password.

This is by design. It is intended to prevent your device (and other devices on the network) being ‘captured’ by a rogue WiFi access point masquerading as your network router. It can do this by transmitting the same SSID as your network but at a higher signal strength, but without the password, which the assailant does not know.

Enterprise WiFi

No WiFi-compatible imp currently supports enterprise-level WiFi authentication, 802.1x, which requires that you log in with a username and password as well as the customary SSID. An end-user will not be able to connect an imp-enabled device in such an environment at this time.

Workarounds

There are ways to use imps in enterprise environments, however. Many enterprises provide WPA2 Personal-based networks for guest access and to support other devices, such as network printers, which do not support WPA2 Enterprise. Check with your IT department.

Another option, primarily for device demonstrations and testing, is to use a cellular-connected WiFi hotspot unit. These use 3G or 4G cellular for Internet connectivity and share this connection via an ad hoc WPA2 Personal local WiFi network. Such units are widely available from carriers and also in unlocked form.

Captive Hotspots

WiFi-compatible imps do not support networks which present an HTML form in which the user enters login details before network access is granted. Some consumer routers use this approach, but it is most commonly encountered with public hotspots and some guest networks in corporate environments.

Ethernet

Only the imp005 is capable of connecting via a wired Ethernet network. It supports 10Mbps and 100Mbps operation.

An imp005-based device may still need be configured by BlinkUp even if it is only going to connect via Ethernet, in order to activate it. Some end-users may wish to provide a WiFi network as a backup, so you should consider providing the ability to enter these details as an option in your BlinkUp app. The imp005-based device will still require both a planID and an enrolment token in order to be authorized to access the Electric Imp impCloud™, and these can be passed using BlinkUp. However, it is also possible to set these values in application code using the imp API method imp.setenroltokens(). Care should be taken in this case to prevent these method being called every time the device is power-cycled or wakes from sleep.

Cellular

Only the impC001 and imp006 are capable of connecting via a cellular network.

Please see Design Hardware With The imp006 to learn which cellular modems — and so which cellular technologies — are supported by the imp006.

The impC001, which is no longer available, sampled in three versions:

Variant LTE 3G Fallback 2G Fallback
impC001-eur Bands 1, 3, 8, 20, 28 UMTS bands 1, 8 900 and 1800MHz
impC001-us Bands 2, 4, 5, 12 UMTS bands 5, 4, 2 N/A
impC001-aus Bands 3, 5, 8, 28 UMTS bands 1, 5, 8 N/A

Note The impC001 is not able to connect via WiFi or Ethernet.

impC001- or imp006-based device may still need be configured by BlinkUp even if they are not going to connect by WiFi. This is in order to activate it, ie. be authorized to access the Electric Imp impCloud.

Static Configurations and Proxy Servers

WiFi- and Ethernet-compatible imps support static network configurations and access through proxy servers. These can be accessed by toggling the ‘Use advanced settings’ switch in the Electric Imp mobile app, or in code by calling imp.setstaticnetworkconfiguration().

In the app, selecting any of the available network modes will now present two extra pages in the setup sequence:

In code, the imp API method passes in the required values as arguments.

Both groups of settings are enabled by default, but can be disabled: for example, if you wish to apply proxy settings but not add static IP address information. The ‘Static IP’ section requires the entry of an IP address, netmask, gateway address and at the address of at least one DNS serve, all in quad numeric form, eg. 192.168.0.1. You will not be able to proceed until you have entered this information (or disabled the settings by toggling the ‘Assign static IP address switch). The ‘Proxy’ settings page requires a server address and a port number at minimum.

DNS

If you plan configure an imp with an external DNS server — for example, one of Google’s DNS servers — by either of the methods described above, you should ensure that local networks’ firewalls allow DNS traffic to pass through. This traffic flows through port 53. This port must be open if the imp is to be able to perform a DNS look-up to get the address of its impCloud server.

By default, imps will use whichever DNS server is referenced by the local network’s DHCP server. If that DNS server is external, the firewall must allow access to it through port 53.

This check is not required for imps that have been programmed with the address of a local DNS server.

Firewalls

WiFi- and Ethernet-compatible imps only makes outbound connections, so firewall configuration is only required if the firewall stops outbound connections. This is rarely the case in consumer routers, but commonplace in corporate environments.

Imp communications make use of the following ports, which need to be open through a firewall:

Port TCP UDP Usage
31314 Initial device-server connection
993 Fallback device-server connection #1
443 Fallback device-server connection #2
80 Fetch device firmware
53 Allow DNS look-ups — imps with non-default DNS settings, see above

Imps will attempt to connect via TCP port 31314. If this fails, they will attempt to use TCP port 993, which is typically open by default for email traffic. Should both 31314 and 993 be closed, they will try 443. Imps do not use UDP.

Port 80 is used to request and transfer impOS™ updates. This port is typically open by default for HTTP/HTTPS communications.