Skip to main content

Network Requirements for imp-enabled Devices

Ensure your devices are able to connect smoothly

To ensure your imp-enabled development and production devices are able to connect to the Internet smoothly, you should understand the types of network that imp modules support, how they maintain WiFi security, and how they communicate through a firewall. This will help you advise your end-users and troubleshoot their network-related technical queries.

WiFi

Every imp is designed to use 802.11n WiFi operating in the 2.4GHz band. They are compatible with older 2.4GHz 802.11b and 802.11g networks.

Only the imp005 module is compatible with 802.11n networks which operate in the 5GHz band. It is also compatible with 802.11a.

Some 802.11n routers are marked ‘dual band’ — they can operate in both the 2.4GHz and the 5GHz bands, sometimes simultaneously. For imp001-, imp002-, imp003- and imp004m-based devices, these routers should be set to provide a 2.4GHz network, either in place of a 5GHz network or alongside it.

Many routers, irrespective of the type of WiFi they support, can be set to host a ‘hidden’ network — the network’s SSID is not broadcast for devices to detect. End-users who choose to operate a hidden network can still connect imp-enabled devices to it, but they must be able to enter the network’s name in your mobile app so that the non-broadcast SSID can be passed to the device during BlinkUp™.

For security reasons, no imp can be configured to operate as a WiFi hotspot (access point).

WiFi Regions

Early Developer Edition imp001s, and all US-sold imp cards and modules, can’t use WiFi channels 12 and 13. If you or an end-user are having trouble connecting a device and you or they are outside of the US, please ensure the wireless router is not set to channel 12 or 13.

WiFi Security

Every imp module is capable of determining what kind of security — WEP, WPA or WPA2 — is being used by the network it is attempting to connect to. It supports all of these ‘consumer’ security mechanisms.

WPS

Most imps can receive a WPS (WiFi Protected Setup) code and use it to securely log into your router. However, the imp005 does not currently support WPS. Please use the standard SSID/password login instead for imp005-based developer devices, and do not offer WPS as an option to end-users in your BlinkUp app.

Removing Your Password

If you configure an imp-enabled device to connect to your password-protected WiFi network but subsequently downgrade the security of the network by removing the password, the on-board imp will no longer connect to the network. To re-connect, the device must be reconfigured with a blank password.

This is by design. It is intended to prevent your device (and other devices on the network) being ‘captured’ by a rogue WiFi access point masquerading as your network router. It can do this by transmitting the same SSID as your network but at a higher signal strength, but without the password, which the assailant does not know.

Enterprise WiFi

Imps do not currently support enterprise-level WiFi authentication, 802.1x, which requires that you log in with a username and password as well as the customary SSID. An end-user will not be able to connect an imp-enabled device in such an environment at this time.

Workarounds

There are ways to use imps in enterprise environments, however. Many enterprises provide WPA2 Personal-based networks for guest access and to support other devices, such as network printers, which do not support WPA2 Enterprise. Check with your IT department.

Another option, primarily for device demonstrations and testing, is to use a cellular-connected WiFi hotspot unit. These use 3G or 4G cellular for Internet connectivity and share this connection via an ad hoc WPA2 Personal local WiFi network. Such units are widely available from carriers and also in unlocked form.

Captive Hotspots

Imps do not support networks which present an HTML form in which the user enters login details before network access is granted. Some consumer routers use this approach, but it is most commonly encountered with public hotspots and some guest networks in corporate environments.

Ethernet

Only the imp005 is capable of connecting via a wired Ethernet network. It supports 10Mbps and 100Mbps operation.

An imp005-based device may still need be configured by BlinkUp even if it is only going to connect via Ethernet. Some end-users may wish to provide a WiFi network as a backup, so you should consider providing the ability to enter these details as an option in your BlinkUp app. The imp005-based device will still require both a planID and an enrollment token in order to be authorized to access the Electric Imp impCloud™, and these can be passed using BlinkUp. However, it is also possible to set these values in application code using the imp API method imp.setenroltokens(). Care should be taken in this case to prevent these method being called every time the device is power-cycled or wakes from sleep.

Static Configurations and Proxy Servers

The imp005 also supports static network configurations and access through proxy servers. These can be accessed by toggling the ‘Use advanced settings’ switch in the Electric Imp mobile app. Selecting any of the available network modes will now present two extra pages in the setup sequence:

Both groups of settings are enabled by default, but can be disabled: for example, if you wish to apply proxy settings but not add static IP address information. The ‘Static IP’ section requires the entry of an IP address, netmask, gateway address and at the address of at least one DNS serve, all in quad numeric form, eg. 192.168.0.1. You will not be able to proceed until you have entered this information (or disabled the settings by toggling the ‘Assign static IP address switch). The ‘Proxy’ settings page requires a server address and a port number at minimum.

Firewalls

Imps only makes outbound connections, so firewall configuration is only required if the firewall stops outbound connections. This is rarely the case in consumer routers, but commonplace in corporate environments.

Imp communications make use of the following ports, which need to be open through a firewall:

Port TCP UDP Usage
31314 Initial device-server connection
993 Fallback device-server connection #1
443 Fallback device-server connection #2
80 Fetch device firmware

Imps will attempt to connect via TCP port 31314. If this fails, they will attempt to use TCP port 993, which is typically open by default for email traffic. Should both 31314 and 993 be closed, they will try 443. Imps do not use UDP.

Port 80 is used to request and transfer impOS™ updates. This port is typically open by default for HTTP/HTTPS communications.