Intermec Technologies 08CN3 CN3 with DHIB and MC75 User Manual CN3UserManual

Intermec Technologies Corporation CN3 with DHIB and MC75 CN3UserManual

User Manual part 5 of 6

CN3 Mobile Computer User’s Manual 1095Network SupportThis chapter includes information about the different networks supported by the CN3 Mobile Computer, and ways to configure and manage those networks. Note that the CN3 automatically installs the appropriate software for radio or phone use when the CN3 is turned on.Note: Desktop icons and settings icons are shown to the left. Any place that Start is mentioned, tap the following Windows icon in the top, left corner of your CN3 desktop.
Chapter 5 — Network Support110 CN3 Mobile Computer User’s ManualWireless Network SupportRadios are installed at the factory and cannot be installed by a user. The CN3 must be serviced to install or replace radios. Contact your Intermec representative for more information. Personal Area Networks“Bluetooth” is the name given to a technology standard using short-range radio links, intended to replace cables connecting portable and fixed electronic devices. The standard defines a uniform structure for a range of devices to communicate with each other with minimal user effort. Its key features are robustness, low complexity, low power, and low cost. The technology offers wireless access to LANs, the mobile phone network, and the internet for a host of home appliances and mobile computer interfaces.Wireless Printing can also be done with Microsoft APIs, including Bluetooth extensions for Winsock, and Bluetooth virtual COM ports. Information about other Bluetooth software is in the Bluetooth Resource Kit and the Bluetooth Resource Kit User’s Guide via the Intermec Developer Library (IDL), which is available as a download from the Intermec web via www.intermec.com/idl. See your Intermec representative for information.Configuring with the Wireless Manager Note: Changes or modifications not expressly approved by Intermec could void the user’s authority to operate the equipment.Note: The Wireless Manager application is available only when Microsoft Zero Configuration is enabled. If Intermec Security is enabled, then this application is not available. See page 175 for information on enabling and configuring Microsoft Security.You can use the Wireless Manager to enable and disable Bluetooth, Wi-Fi, and the Phone if it is built into your CN3.To enable Bluetooth using the Wireless Manager•Tap Start > Settings > the Connections tab > the Wireless Manager icon, or • Tap the Wireless Manager row from the Today desktop.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 111In the Wireless Manager, either tap All or tap Bluetooth, then wait for “On” to appear beneath the Bluetooth row.Once activated, information appears in the Today desktop like the following. Note the Bluetooth icon is on the right.Tap Menu > Bluetooth Settings to perform a device search (more information on the next page). Tap Done to close the Wireless Manager.Enabling Bluetooth After a Clean BootBluetooth is not started by default after a clean-boot is performed. The CN3 retains the Bluetooth state when clean-boots are performed, for example:• If Bluetooth was enabled before a clean-boot was performed, the CN3 boots up with the Bluetooth state enabled and Bluetooth virtual COM ports (such as printing) registered. Reactivate the connections manually as the system does not do them.• If Bluetooth was disabled before a clean-boot was performed, the CN3 boots up with Bluetooth disabled. To turn on Bluetooth• Select Start > Settings > the Connections tab > the Bluetooth icon > the Mode tab, then check Turn on Bluetooth.• If the CN3 is to be found by other Bluetooth devices that require such visibility, then check Make this device visible to other devices. To enable Bluetooth•Tap Start > Settings > the Connections tab > the Bluetooth icon.
Chapter 5 — Network Support112 CN3 Mobile Computer User’s ManualIn most cases, the CN3 will find other Bluetooth devices, such as a printer, GPS receiver, headset, or hands-free device.To scan for other Bluetooth devices1Tap the Devices tab, then tap Add new device... to search for (or scan) remote Bluetooth devices.2When the CN3 is finished scanning, any newly found devices appear in the box. Tap Refresh to perform additional searches.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1133Select a device to which to connect, then click Next.
Chapter 5 — Network Support114 CN3 Mobile Computer User’s Manual4Enter a passkey to establish a secure connection, then tap Next. Passkeys are typically provided in the documentation that comes with the Bluetooth device being searched. Tap Yes if prompted to let the other device connect with your CN3.5Select what services you want from this remote device, then click Finish to return to the Devices tab.To connect with other devices1Tap the COM Ports tab, then tap New Outgoing Port to connect to a Bluetooth device.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1152Select the device to add, then click Next.3Select a port from the Port drop-down list, check Secure Connection, then click Finish to return to the COM Ports page.4Tap New Incoming Port to allow other Bluetooth devices to connect with your CN3. Select on which port to secure this connection, then click Finish to return to the COM Ports page.5You can press and hold on a device to edit that device or delete it from the list.
Chapter 5 — Network Support116 CN3 Mobile Computer User’s ManualUsing the Wireless Printing AppletThe Wireless Printing applet separates the task of wireless printing from other Bluetooth management items not relevant to this task.Wireless Printing has a concept of the “current wireless printer.” This printer is the one to which the CN3 makes a connection when the wireless printing COM port is opened. If there is no current wireless printer, there is no wireless printing COM port. Registration and deregistration of this COM port is controlled by the Bluetooth COM port control. Use the Wireless Printing applet to handle the COM port registration. Customer software or other test applications can also use this applet to manage the COM port registration and deregistration.The current wireless printer is stored in the registry and is registered and deregistered on Bluetooth stack load/unload. If the current wireless printer changes, the existing wireless printing COM port is deregistered, and the new one is registered instead. The registered COM port is stored in the registry as the “WPort.”For information on using Bluetooth communications, see the Bluetooth Resource Kit in the IDL, which is available as a download from the Intermec web site at www.intermec.com/idl. Contact your Intermec representative for more information.Use any of the following methods to set the wireless printer:• Use a Bluetooth device search to locate the remote device.• Manually enter the remote Bluetooth Device Address.• Use Current Wireless Printer to set a different printer.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 117To perform a Bluetooth device search4In about half a minute, Bluetooth devices found within your range will appear. If your preferred printer is in the list, select to highlight the printer, then tap OK. 5If you do not see your preferred device, make sure this device is powered on and set to search, then tap Search again. 6Tap Cancel to return to the first screen without making changes.1Select Start > Settings > the System tab > the Wireless Printing icon.2Clear the Show Printers Only box if you want to find more than just the Bluetooth printers. 3Tap Search to initiate the device search.
Chapter 5 — Network Support118 CN3 Mobile Computer User’s ManualTo perform a manual setupWhen you set your printer manually, your device may not receive the printer name. Therefore, “-unknown-” can display under Device Name.To set a different printer3Tap either Search or Manual, tap OK, then do the applicable steps. 4Tap Cancel to return to the current wireless printer settings without making changes, then tap Exit to close the applet.Note: If you know the Bluetooth Device Address of the printer you want to use, use this procedure to avoid a Device Search.1Select Start > Settings > the System tab > the Wireless Printing icon.2Tap Manual, enter the address of your device in the field, then tap OK. Tap Cancel to return to the first screen without making changes.1Select Start > Settings > the System tab > the Wireless Printing icon.2Tap Set Different Printer to return to the device search screen.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 119Connecting to Bluetooth Audio DevicesThe Bluetooth audio user interface is a part of the Bluetooth Audio applet. You can use this applet to search for, activate, and connect to Bluetooth audio devices, such as Bluetooth headsets. You can control the audio volume and the amplification for the microphone for the connected Bluetooth audio device (if the connected device has these capabilities).To access the Bluetooth Audio appletSearching for Bluetooth HeadsetsTo search for a Bluetooth headset with either a “headset” or a “hands-free” profile, tap Search for devices. Audio devices that are found are added to the list with an icon to identify either profile.1When searching for a device, select Yes at the following prompt to allow that device to connect to your CN3.2Enter the passcode that is provided with your Bluetooth audio device, such as “0000,” then tap Next to finish pairing with your audio device.The passcode is provided by the manufacturer of your Bluetooth audio device. You can usually find your passcode in the user manual that is provided with your audio device.1From the CN3 desktop, select Start > Settings. 2Tap the System tab, then tap the Bluetooth Audio icon.
Chapter 5 — Network Support120 CN3 Mobile Computer User’s Manual3Select the services tied to the Bluetooth audio device to which you are connecting, then tap Finish.Once the pairing is successfully completed, the Bluetooth audio device appears in the list of devices that are found. You can double-tap any of the devices for a pop-up menu to set it as a default, make a connection, refresh the connection, or delete the device from the list.Audio Device IconsEach device has two icons to the left, one to reflect its connection status, the other to reflect its default status. This table lists their meanings:Note: You can only select one Bluetooth audio device as the default device. You must set a device to default before you can connect to that device.Bluetooth Audio Device Status IconsIcon DescriptionYour CN3 and your Bluetooth audio device are not connected. Note the red diagonal bar.Your CN3 and your Bluetooth audio device are connected.Your Bluetooth audio device is not set as the default.Your Bluetooth audio device is set as the default. Note the red check mark.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 121Connecting to a Bluetooth HeadsetIf you find several Bluetooth audio devices, you can only connect to one audio device. Before you can connect to that device, you must set it as the default audio device.To connect to an audio device1Double-tap a device for its pop-up menu, then select to check Set as default if it is not already checked.On successful device activation, the device icon changes to include a red check mark. You can set another device as the default without having to clear the red check mark on the original.2Select Refresh to retrieve missing information from a device. Select Delete to remove a device from the list.3If the activated device has a “hands-free” profile, press a button on the device to establish an audio connection between the CN3 and the activated device. See the user manual for the Bluetooth device for information on what button to press.4To establish an audio connection to the activated device with either a “headset” or “hands-free” profile, double-tap the audio device, then select Connect from the pop-up menu.A check mark is added to this option in the pop-up menu. To disconnect from the audio device, repeat this step to clear the check mark.
Chapter 5 — Network Support122 CN3 Mobile Computer User’s Manual5When connection is established, the “connected/disconnected” status changes to that of a “connected” status and the Audio Device Settings are enabled to adjust settings of the connected Bluetooth audio device.Configuring Bluetooth Using Intermec SettingsYou can also configure your Bluetooth communications using Intermec Settings.To configure Bluetooth using Intermec SettingsConnecting with BluetoothMake sure Bluetooth is enabled on your mobile phone. For example, with the Nokia 3650, go to its menu, select Connect > Bluetooth, then set My phone’s visibility to “Shown to all.”1From the CN3 desktop, select Start > Settings > the System tab > the Intermec Settings icon. 2Tap (+) to expand Communications, then Bluetooth to configure its settings.Note: While these instructions apply to many Bluetooth devices, these instructions use the Nokia 3650 for example purposes.Tap the Microphone slider to adjust the amplificationTap the Volume slider bar to adjust the volume maintain your connection when you suspend the CN3Check Keep audio connected at suspend to
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 123Before you connect to the network, make sure Bluetooth is enabled on your CN3 so you can find and connect to remote devices. Go to “Personal Area Networks” on page 110 for information. Once connected, you should be able to browse Internet websites and use other online resources.To establish a Bluetooth connection between your CN3 and your mobile phone, then establish a dial-up networking session with your wireless network2Enter a name for the connection, such as “Nokia.” In the Select a modem list, select “Bluetooth,” then tap Next to continue.1Tap Start > Settings > the Connections tab > the Connections icon, then tap Add a new modem connection.
Chapter 5 — Network Support124 CN3 Mobile Computer User’s Manual3Tap Add new device... if the phone is not listed in the known devices. Make sure your Bluetooth device is turned on before you start the search.4When the search for devices is complete, select your Bluetooth device, then tap Next to continue.5Enter the correct Passkey on both the Bluetooth device and the CN3, then tap Next to continue.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1256Enter a name for the device if needed, or select what services to use, then tap Finish.7Select the Bluetooth device to use to connect to the network, then tap Next to continue.8Enter the appropriate number as it should be dialed for your Bluetooth connection, then tap Next to continue.
Chapter 5 — Network Support126 CN3 Mobile Computer User’s Manual9Enter the user name, password, and domain required for your Bluetooth device, then tap Finish.Now you can establish a connection to your network via the Internet Explorer application. To disconnect, tap the Connectivity icon in the top menu bar, then select Disconnect.Local Area Networks (LANs)The CN3 is a versatile mobile computer that you can add to your wired or wireless LAN. It has an internal 802.11b/g radio to transfer data using wireless communications. This section of the manual assumes that you have already set up your wireless communications network including access points. Your CN3 supports TCP/IP network protocols. The easiest way to configure the network parameters on the CN3 is to use Intermec Settings . See “Using the Intermec Settings Applet” on page 15 for more information.In a TCP/IP network, the CN3 communicates with a host computer directly using TCP/IP. The access point acts as a bridge to allow communications between the wired and wireless networks.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 127Using the CDMA Radio Phone ApplicationWith the CDMA radio module installed in your CN3, you can send and receive telephone EV-DO (1x Evolution Data Optimized) calls as well as transmit data via wide-area (WAN) cellular networks. The CN3 provides a phone speaker, microphone, and speakerphone, and supports the use of a Bluetooth headset or hands-free kit. At factory-default, the phone is not activated.Using the Wireless Manager to Turn on the PhoneYou can use the Wireless Manager to enable and disable Bluetooth, Wi-Fi, and the Phone if it is built into your CN3.To turn on the phone using the Wireless Manager2In the Wireless Manager, either tap All or tap Phone, then wait for “On” to appear beneath the Phone row.3Once activated, the name of your phone network appears in the Today screen like the following:4Tap Menu > Phone Settings to configure the phone (more information to follow). 5Tap Done to close the Wireless Manager.Note: The Wireless Manager application is available only when Microsoft Zero Configuration is enabled. If Intermec Security is enabled, then this application is not available. See page 175 for information on enabling and configuring Microsoft Security.1Tap Start > Settings > the Connections tab > the Wireless Manager icon, or tap the Wireless Manager row from the Today desktop.
Chapter 5 — Network Support128 CN3 Mobile Computer User’s ManualActivating the PhoneThe CDMA phone is activated using the Activation Wizard in the Phone application. Contact your Intermec representative for more information.With the WAN radio module installed in your CN3, you can send and receive telephone calls. Use the speaker on the back of the computer as your earpiece and use the connector on the bottom of the computer for your mouthpiece.To initiate activation before using your Phone application1Tap Start > Phone from the Today screen to access the application which processes your phone calls. Tap the Close button in the upper right corner of this application to close.2In the Phone application, tap Menu > Activation Wizard from the bottom of the screen.3Have your activation code, phone number (MDN), and MSID information ready before you tap Next to continue. You can get this information from your network provider.Note: If you wish to perform this activation another time, tap Cancel to close this wizard, then tap Yes.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1294Enter your 6-digit activation code (hidden by asterisks), then tap Next to continue.5Enter the phone number and MSID from Sprint, then tap Next to continue.6The application prompts whether the information entered is correct. If so, tap Yes to continue, else tap No to return to the previous screen.
Chapter 5 — Network Support130 CN3 Mobile Computer User’s Manual7The application acknowledges that your phone will be in service in up to four hours. Tap Finish to close the wizard.Using the CDMA PhoneTo access the Phone application that processes your phone calls•Tap Start > Phone.Tap the appropriate keys to enter a telephone number, then tap Talk to dial the number shown above the keypad.Note: Voice service is available immediately. Data service takes up to four hours of activation before you can use the service. If after four hours, a data connection is not established, go to “Updating Your PCS Vision Profile” on page 132 to manually launch data provisioning.Tap this to backspace one digitTap this to select a Tap this to access the Contacts applicationpreviously dialed number
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 131To use the Call History feature•Tap Call History to note the telephone numbers that were previously dialed from this CN3.To configure your phone settingsCustomizing the PhoneTap the Phone tab to customize your phone settings such as the ring type and ring tone to use for incoming calls, and the keypad tone to use when entering phone numbers. Detecting Your Network PositionTap the Location Settings tab to allow your network to detect your position or remain private with the exception of 911 emergencies.To get detected•Tap Location ON.• Either select Menu > Options from the Phone application, or• Select Start > Settings > the Personal tab > the Phone icon to access the applet.
Chapter 5 — Network Support132 CN3 Mobile Computer User’s ManualTo remain private•Tap 911 Only. This ensures that no service may use your location without you giving permission.Updating Your PCS Vision ProfileTap the Data Settings tab to either repair your connection settings or automatically update your PCS Vision.• When the built-in phone data connection used by Microsoft’s connection manager is corrupted, tap Repair Connectoid to repopulate the registry with the correct values for the data connection. If you find you cannot make a data connection to the CDMA data network, tap Repair Connectoid to assure that the connection entry used by the CDMA device is correct.• For Sprint networks, if your CN3 is unable to make a data connection and it has been more than four hours since activation, tap Provision, then follow the prompts to launch data provisioning from this screen. It takes a few minutes to set up the data portion of the WWAN network.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 133To repair your connections1Click Repair Connected, then tap Yes to perform the repair.2Tap ok to return to the Data Settings tab.To automatically update your profile1Click Provision to start the provisioning.2Tap ok to return to the Data Settings screen.Note: The data provisioning process can be automatically initiated by the Sprint network, by attempting to make a cellular line connection to the WAN before the CN3 is data provisioned, or by manually starting the connections through this screen. Intermec recommends that Sprint Network “push” the data provisioning to your CN3. This should occur shortly after the voice activation is complete.
Chapter 5 — Network Support134 CN3 Mobile Computer User’s ManualSetting the Roaming RangeScroll to, then tap the System Settings tab to set your roaming feature to either automatic with having to go through your server or to roam through the Sprint server.To alert the caller when roaming is enabled•Tap Automatic.To roam the network through the Sprint server•Tap Sprint.To be notified when devices are located• Check Enable Call Guard alert when roaming.Knowing the Version Numbers of Your Phone FeaturesScroll to, then tap the Version Information tab to view the latest versions of all of your phone features. Move the scroll bar along the bottom to the right to see additional information.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 135Using the GSM/EDGE Radio Phone ApplicationWith the WAN radio module installed in your CN3, you can send and receive telephone calls as well as transmit data via wide-area cellular networks. The CN3 provides a phone speaker, microphone, and speakerphone, and supports the use of a Bluetooth headset or hands-free kit. At factory-default, the phone is disabled. To turn on the phone, use either of the following methods:Using the Wireless Manager to Turn on the PhoneYou can use the Wireless Manager to enable and disable Bluetooth, Wi-Fi, and the Phone if it is built into your CN3.To turn on the phone using the Wireless Manager2In the Wireless Manager, either tap All or tap Phone, then wait for “On” to appear beneath the Phone row.3Once activated, the name of your phone network appears in the Today screen like the following:4Tap Menu > Phone Settings to configure the phone (more information to follow). 5Tap Done to close the Wireless Manager.Note: The Wireless Manager application is available only when Microsoft Zero Configuration is enabled. If Intermec Security is enabled, then this application is not available. See page 175 for information on enabling and configuring Microsoft Security.1Tap Start > Settings > the Connections tab > the Wireless Manager icon, or tap the Wireless Manager row from the Today desktop.
Chapter 5 — Network Support136 CN3 Mobile Computer User’s ManualActivating the PhoneThe GSM/EDGE phone is activated via a SIM card that you can purchase from your network provider, and inserted in the miniSD/SIM cavity in the back of your CN3. Contact your Intermec representative for more information.To insert the SIM card1Press the power switch to suspend the CN3, then remove the battery pack from the back of the CN3.2Remove the two screws on the miniSD/SIM card slot door. Note the screws to this door are to be torqued to 1.5 in-lbs. 3Gently lift the door to the card slot, then with the metal contacts facing down, insert the SIM card into its card slot in the door.4Press the miniSD/SIM card slot door down, insert the two screws, reinsert the battery pack, then press the power switch.Once the door to the miniSD is opened (for changing, installing, or removing the SIM or miniSD card); a cold-boot is performed.Using the GSM/EDGE PhoneTo access the application that processes your phone calls•Tap Start > Settings > the Phone desktop icon from the Personal tab, or•Tap Start > Phone.miniSD/SIM doorSIM card slot
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 137Tap the appropriate keys to enter a telephone number, then tap Talk to dial the number shown above the keypad.To use the Speed Dial feature•Tap Speed Dial to select a telephone number with which the CN3 is to dial automatically. Use the Contacts application to add to this list. See “Contacts: Tracking Friends and Colleagues” on page 54 for more information.To use the Call History feature•Tap Call History to note the telephone numbers that were previously dialed from this CN3.Tap this to backspace one digitTap this to select a Tap this to view previous callsTap this to access the Contacts applicationpreviously dialed number
Chapter 5 — Network Support138 CN3 Mobile Computer User’s ManualTo customize your phone settingsCustomizing the PhoneTap the Phone tab to customize your phone settings such as the ring type and ring tone to use for incoming calls, and the keypad tone to use when entering phone numbers. Tap Change PIN to reset the personal identification number for this phone.Setting the Phone Services1Tap the Services tab to access settings for any of the provided services. Tap any of the settings, then tap Get Settings.• Either select Menu > Options from the Phone application, or • Select Start > Settings > the Personal tab > the Phone icon to access the applet.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1392Make your changes, then tap ok to return to the Settings screen. Below is a sample Settings screen.Setting Up the NetworkTap the Network tab to find, set, or select the type of network on which this phone is to communicate.Remote Access (Modems)You can set up connections to the Internet and corporate network at work to browse the Internet or intranet, send and receive e-mail, and synchronize information using ActiveSync. Connections are made via wireless networks.Your CN3 has two groups of connection settings: My ISP and My Work Network. Use My ISP settings to connect to the Internet. Use My Work Network settings to connect to any private network.•My ISPOnce connected, you can send and receive e-mail messages by using Messaging and view web pages by using Internet Explorer Mobile. The communication software for creating an ISP connection is already installed on your CN3. Your service provider provides the software needed to install other services, such as paging and fax services. If this is the method you want to use, see “Connecting to an Internet Service Provider” on page 140.
Chapter 5 — Network Support140 CN3 Mobile Computer User’s Manual•My Work NetworkConnect to the network at your company or organization where you work. Once connected, you can send and receive e-mail messages by using Messaging, view web pages by using Internet Explorer Mobile, and synchronize with your desktop. If this is the method you want to use, see “Connecting to Work” on page 143.Connecting to an Internet Service ProviderYou can connect to your ISP, and use the connection to send and receive e–mail messages and view web pages.Get an ISP dial-up access telephone number, a user name, and a password from your ISP.To connect to an Internet service provider3Enter a name for the connection, such as “ISP Connection.” Tap the Help icon to view additional information for any screen in the wizard or while changing settings.1Tap Start > Settings > the Connections icon. 2In My ISP, tap Add a new modem connection.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1414If using an external modem connected to your CN3 with a cable, select “Hayes Compatible on COM1” from the Select a modem list drop-down list, then tap Next to continue.5Enter the access phone number, then tap Next. For more information, tap use dialing rules.6Enter the user name, password, and domain (if provided by an ISP or your network administrator), then tap Finish.
Chapter 5 — Network Support142 CN3 Mobile Computer User’s Manual7Tap the Advanced tab from the Connections screen, then tap Dialing Rules to specify your current location. These settings apply to all connections.8Tap Use dialing rules, tap ok, then tap Edit to continue.9Specify your current phone type. If your phone type is pulse dialing, check Pulse dialing. If your type is tone dialing (as most phone lines are), then clear Pulse dialing. Continue to tap ok to close each page and return to the Settings page.To start the connection, start using one of the following programs. Once connected, you can:• Send and receive e-mail messages by using Messaging. Before you can use Messaging, you need to provide the information it needs to communicate with the e-mail server.• Visit web pages by using Internet Explorer Mobile. For more information, see “Internet Explorer Mobile” on page 72.Note: Tap Manage existing connections to change modem connection settings in My ISP. Select the desired modem connection, tap Settings, then follow the instructions on the screen.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 143Connecting to WorkIf you have access to a network at work, you can send e-mail messages, view intranet pages, synchronize your CN3, and possibly access the Internet. Create a modem connection via a RAS (Remote Access Server) account. Before you can create this modem connection, your network administrator needs to set up a RAS account for you. Your network administrator may also give you Virtual Private Network (VPN) settings.To connect to work3Enter a name for the connection, such as “Company Connection.” 4In the Select a modem list, select your modem type, then tap Next to continue. If your modem type does not appear, try reinserting your CN3 into your modem dock.• If using an external modem connected to your CN3 with a cable, select “Hayes Compatible on COM1.”• If using any type of external modem, select the modem by name. If a listing does not exist for your external modem, select “Hayes Compatible on COM1.”Note: To change modem connection settings in My Work Network, tap Manage existing connections. Select the desired modem connection, tap Settings, then follow the instructions on the screen.To view additional information for any screen in the wizard or while changing settings, tap the Help icon.1Tap Start > Settings > the Connections icon. 2In My Work Network, tap Add a new modem connection.
Chapter 5 — Network Support144 CN3 Mobile Computer User’s Manual5Enter the access phone number, using some of the following guidelines. If you know part of the phone number changes frequently as you travel, create dialing rules to avoid creating numerous modem connections for the same phone number. For more information, tap use dialing rules.• Enter the phone number exactly as you want it dialed. For example, if you call from a business complex or hotel that requires a nine before dialing out, enter “9” in front of the phone number.• Enter the APN provided by your mobile phone service provider.• When using dialing rules, phone numbers are entered differently. To use additional numbers, such as a “9” to dial from an office complex or hotel, you must use additional dialing rules or change dialing patterns. See the “Create Dialing Rules” online help for information.aIn Country/Region code, enter the appropriate code when dialing internationally. For more information, contact an operator at your local phone company.bIn Area code, enter the area code, if needed.cEnter the Phone Number, then tap Next to continue.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1454Enter the user name, password, and domain (if provided by an ISP or your network administrator). If a domain name was not provided, try the connection without entering a domain name. Tap Finish.Creating a VPN Server Connection to WorkA VPN connection helps you to securely connect to servers, such as a corporate network, via the Internet. Ask your network administrator for the following: user name, password, domain name, TCP/IP settings, and host name or IP address of the VPN serverTo create a VPN server connection to workTo view additional information for any screen in the wizard or while changing settings, tap the Help icon.Note: Tap Manage existing connections > the VPN tab to change existing settings in My Work Network. Select the desired VPN connection, tap Settings, then follow the instructions on the screen.1Tap Start > Settings > the Connections icon. 2In My Work Network, tap Add a new VPN server connection.
Chapter 5 — Network Support146 CN3 Mobile Computer User’s Manual3In Name, enter a name for the connection, such as a company’s name. In Host name/ IP, enter the VPN server name or IP address. Next to VPN type, select the type of authentication to use with your device: “IPSec/L2TP” or “PPTP.” If you are not sure which option to choose, ask your network administrator. Tap Next to continue.4Select the type of authentication. If you select A pre-shared key, enter the key provided by your network administrator.5Enter your user name, password, and domain name as provided by your ISP or network administrator, then tap Finish. If a domain name was not provided, try the connection without entering a domain name.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 147Insert necessary equipment, such as a network card, into the CN3, and use a desired program to begin connecting.Ending a ConnectionUse any of these methods to end your connection:• When connected via cable or cradle, detach your CN3.• When connected via Infrared, move the CN3 away from the other computer or device.• When connected via a wireless network, switch off the connection.iConnectWith iConnect, you can manage these features of your CN:• FTP server• Network interfacesFTP ServeriConnect allows you to:• enable or disable the FTP server.• manage the state of the FTP server based on the registry key settings. iConnect manages the state of the FTP server when iConnect first starts and when a network change occurs though iConnect.The easiest way to manage the FTP server is to enable the FTP menu within iConnect.To enable the FTP menu• Create this DWORD registry key and set it to a value of 1:HKEY_CURRENT_USER\Software\iConnect2\IConnect\Settings\ShowFTPMenu• When connected via modem or VPN, tap the Connectivity icon on the top, then tap Disconnect.
Chapter 5 — Network Support148 CN3 Mobile Computer User’s ManualThe iFTP menu is available the next time you start iConnect.To manage the state of the FTP server• Modify these existing registry keys:HKEY_CURRENT_USER\Software\iConnect2\IConnect\Settings\FtpAutoStartHKEY_CURRENT_USER\Software\iConnect2\IConnect\Settings\FtpHeartbeatwhere 1 = enable and 0 = disable.Network InterfacesThe default network adapter or radio is dependent on what radios are installed in your CN3. With the iConnect menu, using the Enable feature, you can specify “Wireless” or “No Networking” to load onto your CN3 when a cold-boot is performed. If you had specified a network prior to when a warm-boot is performed on the CN3, the iConnect application restores your network interfaces to what they were before the warm-boot was performed.See the Developer’s Support area of the Intermec web site for the latest information on network adapters for your CN3.To access the iConnect menu• Select Dismiss from the iConnect menu to end the session without exiting the application.• Select Exit iConnect to exit the application. To access the iConnect application after you have exited it• Perform a warm-boot on the CN3. The iConnect icon then reappears above the command bar.No NetworkingTo disable the networking interface • Select Enable > No Networking from the iConnect menu. The Wireless radio tower icon is replaced with one that shows an “X,” a check mark appears next to the “No Networking” option in the menu, and the iConnect application disables all other networking interfaces.Wireless CommunicationsTo enable wireless communications on the CN3• Select Enable > Wireless from the iConnect menu. •Tap the iConnect icon (shown to the left) above your command bar.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 149The Wireless icon (shaped like a radio tower) appears in the toolbar, a check mark appears next to the “Wireless” option in the menu, and wireless communications is enabled.To configure wireless communications on the CN3• Select Tools > Wireless Settings from the iConnect menu to access the Profile Wizard for the 802.11b/g radio module.To configure wireless 802.11b/g communications using the Profile WizardTo view information about the Wireless 802.11b/g communications• Select Tools > Wireless IP Settings from the iConnect menu for the following:To view the status of the Wireless communications• Select Status > Wireless from the iConnect menu to view the status. Tap Tr y  A gain to check the status after you make changes to the connection.Ping TestTo test the connection of your CN3 against your network• Select Tools > Ping Test from the iConnect menu.To ping your gateway or DHCP server• Select Ping my gateway or DHCP server, then select which to ping from the top drop-down list. •Tap Start > Settings > the System tab > the Wireless Network icon to access the Profile Wizard. Go to “Configuring Microsoft Security” on page 175 for information.
Chapter 5 — Network Support150 CN3 Mobile Computer User’s ManualTo ping a specific host• Select Ping the host address below, then enter its IP address in the field beneath. After you make your selection, tap Ping! and wait for results.ISpyWiFiThe ISpyWiFi utility provides more detailed information for the 802.11 radio connection in your CN3, such as MAC address, access point information, association, encryption, power management, antenna status, RSSI, data link rates, and supplicant status.With the utility, you can scan for access points in your network and ping for detailed and illustrated information.Starting the UtilityThe ISpyWiFi utility is installed in your CN3 as an executable. You can either start the utility using File Explorer or create a shortcut with which to start the utility from the CN3 desktop.To start the ISpy WiFi utility via File ExplorerTo place the ISpyWiFi utility in the Programs group1Press and hold your stylus on the ISpyWifi executable for its pop-up menu, then select Copy.2Scroll up to the “\Start Menu\Programs” folder, then tap it to open.1Tap Start > Programs > the File Explorer icon.2Tap the “\Windows” folder from the root. 3Scroll down for, then double-click the ISpyWifi executable.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1513Press and hold your stylus in an empty (white) area in the folder, for its pop-up menu, then select Paste Shortcut.To use the ISpyWiFi tabThe ISpyWiFi tab contains network interface, configuration, access point, and radio frequency information:4Close the File Explorer, select Start > Programs to locate the Shortcut to ISpyWifi icon. Tap this icon to access the ISpyWifi application. Note that this icon is temporary.WiFi NIC (Network Interface Card)BCMCF1 A WLAN adapter and its associated driver versionMAC The client radio MAC addressIP(DHCP) The IP address of the client radio, if using DHCPIP (Static) The IP address of the client radio, if using a static IP address
Chapter 5 — Network Support152 CN3 Mobile Computer User’s ManualTo use the WiFi Scan tabUse the WiFi Scan tab to scan your network and bring back information about any access points with which you can communicate. See “Wireless Network” on page 182 for information on connecting with a network.Tap Scan, then wait for the table to fill with information. Tap any of the columns to sort by ascending or descending order. Tap the slider bar on the bottom to scroll left and right to view all of the information.APStatus Shows whether the radio is associated with the access pointChannel The channel on which the radio is communicating with the access pointESSID The text SSID (Network Name) for your networkBSSID MAC address of radio AP with which the client radio is communicatingConfigAssociation Shows one of the following types:Open, WPA, WPA-PSK, WPA2, Network EAPNote that more information about these types start on page 183.Encrypt Shows potential encryptions for the association shown:Key Absent/WEP, TKIP, Key Absent, TKIP/AES, WEPPower CAM (Constantly Awake Mode) or FAST PSP (Power Save Poll)Antenna Diversity (multiple antennas), Primary (one antenna)RFTX Power Transmit power level in milliwatts (mW).RSSI The Received Signal Strength Indicator. The closer to zero, the better. For example: -40dBm is excellent, while -60dBm is good.Link The data rate at which the radios are communicating
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 153•SSID displays the broadcast range from the access point.•Signal shows the RSSI seen from the access point.•Channel lists the channel on which client radio is communicating with access point.•BSSID displays the MAC address for the access point radio• When Privacy shows a “Y,” WEP, TKIP, or AES encryption is used; an “N” indicates that no encryption is used.To use the Supplicant tabThe Supplicant tab provides you with security and authentication information configured elsewhere in the CN3. See “Configuring Security” on page 156 for setting up Funk and Microsoft security.Security and Authentication InformationStatus DescriptionService Status ON: Intermec Funk Security is enabledOFF: Microsoft Security is enabledStarting Up:Shutting Down:Unknown/Undefined:Authentication State authenticated: Authentication Server successfulauthentication failed: Previous authentication attempt faileddisconnected: No authentication used, Open or Static WEP connection usedacquired: Access point located, authentication process not initiatedauthenticating: Attempting authentication with Authentication Serverlogoff: Current session terminated by supplicantunknown: Error occurred, but not definedAuthentication Result success: Authentication successfultime-out: Authentication Server not responding to requests, may be out of rangeno credentials: Proper credentials not configured in deviceclient reject: Unable to validate access point certificateserver reject: Authentication Server rejects submitted credentialsunknown: No authentication used or in the process of authenticationSupplicant Events Displays output from the supplicant detailing its status.Intermec Supplicant Version Version of Intermec Funk Security in the CN3
Chapter 5 — Network Support154 CN3 Mobile Computer User’s Manual• Click Configure Profile to launch the Profile Wizard and configure 802.11 options. See “Using the Profile Wizard” on page 161 for information on configuring this wizard.• Click Reconnect to disassociate the radio, momentarily dropping its connection. The radio then reassociates and reauthenticates, but does not do anything with the radio driver.• Click Clear Events to remove the information shown in the Supplicant Event box.PingingUse the Ping tab to contact with any host in your network for information.To ping a host1From the Host drop-down list, select an IP address for the host you want to ping. Enter a new IP address using the input panel or the keypad. Select Clear List to remove all the IP addresses from the drop-down list.2From the Repetitions drop-down list, select the number of times to ping the selected host. These repetitions are done once per second.3Tap Ping to initiate contact with the selected host.Ping InformationStatus DescriptionTiming Statistics Min: The shortest ping reply in milliseconds (ms)Max: The maximum ping reply in millisecondsAvg: The average ping reply timeCount: The number of pings already completedTimeouts: The number of pings that did not receive a responseBSSID The MAC address for the access point radioChannel The channel on which the access point is communicatingRSSI The RSSI seen on the access pointLink The speed at which the last ping occurred
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1554Depending on how the screen is set up, you can toggle between a graph and a list of ping results:•Tap Graph to toggle to the graphical view of 25 of the most recent pings and their response results, like in the following sample graph:Note the size of the gray area represents the standard deviation from the mean.•Tap List to toggle to detailed information showing what ping touched what host and its RTT (Round Trip Time).Logging SupplicantsIf you reach a situation where you need to send in debug information to Intermec Product Support or Intermec Engineering, you can use the Intermec Funk Security logging feature.To enable the logging feature1Tap the Supplicant tab, then tap Configure Profile to access the Profile Wizard.2Tap Edit Selected Profile, then tap the Advanced tab.3Check Enable Logging, tap ok to close the profile settings, then tap ok to close the Profile Wizard.Maximum pingLast pingAverage pingMinimum ping
Chapter 5 — Network Support156 CN3 Mobile Computer User’s ManualThe debug output file is then stored in the “\My Device” root folder as a text file called “uroddsvc.” Using File Explorer, press and hold your stylus on this file for its pop-up menu, then select any of its options to copy, beam, send, or delete this file.Configuring SecurityThe CN3 provides three types of security for your wireless network:• Wi-Fi Protected Access 2 (WPA2/802.11i)•WPA• WEP. 802.1x (should be referred to as an authentication method used for WPA and WPA2) Another authentication method for WPA and WPA2 would be the Pre-Shared Key (PSK).Intermec recommends that you use Intermec Settings to configure your security. For help, see the Intermec Computer Command Reference Manual (P/N 073529) available online at www.intermec.com.Choosing Between Microsoft and Funk SecurityBefore you can implement a security solution on the CN3, you need to choose between Microsoft and Funk security:• By default, Funk security is enabled. It provides everything you get with Microsoft security plus Cisco Compatible Extensions features. It also provides additional authentication types like EAP-TTLS, LEAP, and EAP-FAST.• Microsoft security, with its Microsoft Zero Config feature, is also available. To switch to Microsoft security, go to “Configuring Microsoft Security” on page 175 to start.Configuring Funk SecurityYou can define up to four profiles for your Funk security. Different profiles let your CN3 communicate in different networks without having to change all of your security settings. For example, you can set up one profile for the manufacturing floor and one for the warehouse.Note: Your security choice does not depend on your authentication server. For example, you can choose Funk security if you use Microsoft Active Directory® to issue certificates.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 157To configure Funk SecurityUsing WPA SecurityWi-Fi Protected Access (WPA) is a strongly enhanced, interoperable Wi-Fi security that addresses many of the vulnerabilities of Wired Equivalent Privacy (WEP). Instead of WEP, WPA uses Temporal Key Integrity Protocol (TKIP) for its data encryption method. Currently, WPA satisfies IEEE 802.11i standards.WPA runs in Enterprise (802.1x) mode or PSK mode:• In Enterprise mode, WPA provides user authentication using 802.1x and the Extensible Authentication Protocol (EAP). That is, an authentication server (such as a RADIUS server) must authenticate each device before the device can communicate with the wireless network.• In PSK mode, WPA provides user authentication using a shared key between the authenticator and the CN3. WPA-PSK is a good solution for small offices or home offices that do not want to use an authentication server.To use WPA security, you need an access point with an 802.11b/g radio that supports WPA.1Select Start > Settings > the System tab > the Intermec Settings icon.2Tap (+) to expand Communications > 802.11 Radio > Funk Security.3Select an active profile, then configure its security settings.
Chapter 5 — Network Support158 CN3 Mobile Computer User’s ManualConfiguring WPA Security With Funk SecurityUse this procedure to set WPA security with Funk security.1Make sure you have configured the communications and radio parameters on your CN3 and that Funk is your security choice.2Open Intermec Settings. Tap (+) to expand Communications > 802.11 Radio > Funk Security > Profile X with “X” being “1” through “4.”3For Association, select “WPA” and press Enter.4For 8021x, select “PEAP,” “TLS,” “TTLS,” “LEAP,” or “EAP-FAST” and press Enter.If you select “TTLS” or “PEAP:”aSelect User Name, type your user name, then press Enter.bSelect User Password, type a user password, then press Enter.cFor Validate Server Certificate, select “Yes,” then press Enter. Note that you must have the date on the CN3 set correctly when you enable Validate Server Certificate.dYou must enter a User Name and Subject Name. You can also enter a Server 1 Common name or Server 2 Common name if you want to increase your level of security.If you select “TLS:”aLoad a user and root certificate on your CN3. For help, see “Loading Certificates” on page 182.bFor Validate Server Certificate, select “Yes,” then press Enter. Note that you must have the date on the CN3 set correctly when you enable Validate Server Certificate.cYou must enter a User Name and Subject Name. You can also enter a Server 1 Common name or Server 2 Common name if you want to increase your level of security.If you select “LEAP” or “EAP-FAST:”aSelect User Name, type your user name, then press Enter.bSelect User Password, type a user password, then press Enter.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 159Configuring WPA-PSK Security With Funk Security1Make sure you have configured the communications and radio parameters on your CN3 and that Funk is your security choice.2Open Intermec Settings. Tap (+) to expand Communications > 802.11 Radio > Funk Security > Profile X with “X” being “1” through “4.”3For Association, select “WPA” and press Enter.4For 8021x, select “None” and press Enter.5For Pre-Shared Key, enter the pre-shared key or the passphrase.The pre-shared key must be a value of 32 hex pairs preceded by 0x for a total of 66 characters. The value must match the key value on the access point. The passphrase must be from 8 to 63 chtomaracters. After you enter a passphrase, the CN3 internally converts it to a pre-shared key. This value must match the passphrase on the authenticator.6Exit Intermec Settings.Using 802.1x Authentication802.1x authentication provides centralized user authentication using an authentication server, authenticators (access points), and supplicants. These components communicate using an EAP authentication type, such as TLS (Transport Layer Security) or PEAP (Protected Extensible Authentication Protocol). 802.1x security provides data encryption using dynamic WEP key management. To use 802.1x security, you need:• An access point with an 802.11b/g radio.• A CN3 with an 802.11b/g radio and the 802.1x/WPA security option.
Chapter 5 — Network Support160 CN3 Mobile Computer User’s ManualConfiguring 802.1x Security With Funk Security1Make sure you have configured the communications and radio parameters on your CN3 and that Funk is your security choice.2Open Intermec Settings. Tap (+) to expand Communications > 802.11 Radio > Funk Security > Profile X with “X” being “1” through “4.”3For Association, select “Open” and press Enter. When working with Cisco Aironet access points, you can select “Network-EAP.”4For Encryption, select “WEP” and press Enter.5For 8021x, select “PEAP,” “TLS,” “TTLS,” “LEAP,” or “EAP-FAST” and press Enter.If you select “TTLS” or “PEAP”aSelect User Name, type your user name, then press Enter.bSelect User Password, type a user password, then press Enter.cFor Validate Server Certificate, select “Yes,” then press Enter. Note that you must have the date on the CN3 set correctly when you enable Validate Server Certificate.dEnter a User Name and Subject Name. You can also enter a Server 1 Common name or Server 2 Common name to increase security.If you select “TLS”aLoad a user and root certificate on your CN3 (page 182).bFor Validate Server Certificate, select “Yes,” then press Enter. Note that you must have the date on the CN3 set correctly when you enable Validate Server Certificate.cYou must enter a User Name and Subject Name. You can also enter a Server 1 Common name or Server 2 Common name if you want to increase your level of security.If you select “LEAP” or “EAP-FAST”Select User Name, then type your user name. press Enter, select User Password, type a user password, then press Enter.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 161Using Static WEP SecurityThe CN3 uses the Wired Equivalent Privacy (WEP) protocol to add security to your wireless network based on the 802.11b/g standard. To use WEP security, you need an access point with an 802.11b/g radio.Configuring Static WEP Security With Funk SecurityUse this procedure to set Static WEP security with Funk security.1Make sure you have configured the communications and radio parameters on your CN3 and that Funk is your security choice.2Open Intermec Settings. Tap (+) to expand Communications > 802.11 Radio > Funk Security > Profile X with “X” being “1” through “4.”.3For Association, select “Open” and press Enter. 4For Encryption, select “WEP” and press Enter.5For 8021x, select “None” and press Enter.7For Tr a n sm it key, select which WEP key to use for encryption of transmitted data.8Define a value for each key, up to four. Enter an ASCII key or a hex key either 5 or 13 bytes long based on the radio capability. Set a 5-byte value for 64-bit WEP or a 13-byte value for 128-bit WEP. Precede hex keys with 0x and make sure the keys use 5 or 13 hex pairs.Using the Profile WizardA profile contains all the information necessary to authenticate you to the network, such as login name, password or certificate, and protocols by which you are authenticated.You can have up to four profiles for different networks. For example, you may have different login names or passwords on different networks, or you may use a password on one network, and a certificate on another.To start 802.11b/g communications on the CN3, tap Start > Settings > the System tab > the Wireless Network icon to access the Profile Wizard for the 802.11b/g radio module.
Chapter 5 — Network Support162 CN3 Mobile Computer User’s ManualUse the Profiles page to select and configure between the networking environments assigned to this 802.11b/g radio.•Tap the Profile drop-down list to choose between four different profiles assigned to this CN3, then tap Edit Select Profile, make the changes needed for this profile (starting on the next page), then tap ok to return to the Profiles page.• Check Enable Microsoft’s Wireless Zero Config to enable Microsoft's Wireless Zero Config application and disable the Intermec software solution for 802.11b/g, including configuration via the Wireless Network applet.BasicUse the Basic page to set the network type, name, and manage battery power for this profile. Tap ok to return to the Profiles page.• Enter a unique Profile Label name for your profile.•Tap the Network type list to select “Infrastructure” if the network uses access points to connect to the corporate network or internet; or “Ad-Hoc” to set up a private network with one or more participants.• If you select “Ad-Hoc” for the network type, select the Channel on which you are communicating with others in your network. There are up to 11 channels available.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 163•SSID (Network Name) assumes the profile name unless another name is entered in this field. If you want to connect to the next available network or are not familiar with the network name, enter “ANY" in this field. Consult your LAN administrator for network names.• Check Enable Power Management to conserve battery power (default), or clear this box to disable this feature.SecurityThese are available from the 8021x Security drop-down list: None, PEAP (page 165), TLS (page 167), TTLS (page 168), LEAP (page 171), and EAP-FAST (page 172).To disable 802.1x security and enable WEP encryption1Set 8021x Security as “None.”2Set Association to “Open.”3Set Encryption to “None.”To enable WEP encryption1Set 8021x Security as “None” and Association to “Open” or “Shared” as required to match the settings in your access point. “Open” is the recommended choice as “Shared” key authentication has security weaknesses.2Set Encryption to “WEP.”3Select a data transmission key from the Data TX Key drop-down list near the bottom of this screen.
Chapter 5 — Network Support164 CN3 Mobile Computer User’s Manual4Enter an ASCII key or a hex key either 5 or 13 bytes long based on the radio capability in the appropriate Key # field. Set a 5-byte value for 64-bit WEP or a 13-byte value for 128-bit WEP. Precede hex keys with 0x and make sure the keys use 5 or 13 hex pairs.To enable WPA encryption using a pre-shared key1Set 8021x Security as “None.”2Set Association to “WPA.”3Enter the passphrase as ASCII (12345) in the Pre-Shared Key field.To enable WPA2 encryption using a preshared key1Set 8021x Security as “None.”2Set Association to “WPA2.”3Set Encryption to either “TKIP” or “AES.”
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1654Enter the passphrase as ASCII (12345) in the Pre-Shared Key field.PEAP (Protected EAP)This protocol performs secure authentication against Windows domains and directory services. It is comparable to EAP-TTLS (see page 168), both in its method of operation and its security, though not as flexible. This does not support the range of inside-the-tunnel authentication methods supported by EAP-TTLS. Microsoft and Cisco both support this protocol.Use “PEAP” to configure the use of PEAP as an authentication protocol and to select “Open,” “WPA,” “WPA2,” or “Network EAP” as an association mode.To configure with PEAP1Set 8021x Security as “PEAP,” then choose any of the following:•Set Association to “Open.”•Set Association to “WPA.”•Set Association to “WPA2” and Encryption to “TKIP” or “AES.”•Set Association to “Network EAP” and Encryption to either “WEP” or “CKIP.”2Enter your unique Username and password to use this protocol.
Chapter 5 — Network Support166 CN3 Mobile Computer User’s Manual3Select Prompt for password to have the user enter this password each time to access the protocol; or leave Use following password as selected and enter your unique password to use the protocol without entering a password each time you use your CN3.4Tap Get Certificates to obtain or import server certificates (page 170).5Tap Additional Settings to assign an inner PEAP authentication and set options for server certificate validation and trust.To configure additional PEAP settings1Select a method from the Inner PEAP Authentication drop-down list.2Check Validate Server Certificate to verify the identity of the authentication server based on its certificate when using PEAP.3Tap Root CA, select a root certificate, then OK to close.4Enter the Common Names of trusted servers. If these fields are left blank, the client will accept any authentication server with a valid certificate. For increased security, you should specify exactly which authentication servers you expect to use.5Tap ok to return to the Security page.PEAP Authentication MethodsMethod DescriptionEAP/MS-CHAP-V2 Authenticates against a Windows Domain Controller and other non-Windows user databases. This is Microsoft's implementation of PEAP.EAP/Token Card Use with token cards. The password value entered is never cached. This is Cisco's implementation of PEAP.EAP/MD5-Challenge Message Digest 5. A secure hashing authentication algorithm.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 167TLS (EAP-TLS)EAP-TLS is a protocol that is based on the TLS (Transport Layer Security) protocol widely used to secure web sites. This requires both the user and authentication server have certificates for mutual authentication. While cryptically strong, this requires corporations that deploy this to maintain a certificate infrastructure for all their users.Use “TLS” to configure using EAP-TLS as an authentication protocol, pick “Open,” “WPA,” “WPA2,” or “Network EAP” as an association mode.To configure TLS settings1Set 8021x Security as “TLS, then choose any of the following:•Set Association to “Open.”•Set Association to “WPA.”•Set Association to “WPA2” and Encryption to “TKIP” or “AES.”•Set Association to “Network EAP” and Encryption to either “WEP” or “CKIP.”2Enter your unique Subject Name and User Name of the corresponding certificate installed on your CN3 to use this protocol.3Tap Get Certificates to obtain or import server certificates (page 170).4Tap Additional Settings to set server certificate validation and trust.To configure additional TLS settings1Check Validate Server Certificate to verify the identity of the authentication server based on its certificate when using TLS.2Tap Root CA, select a root certificate, then tap OK to return to the TLS settings.3Enter the Common Names of trusted servers. If these fields are left blank, the client will accept any authentication server with a valid certificate. For increased security, you should specify exactly which authentication servers you expect to use.
Chapter 5 — Network Support168 CN3 Mobile Computer User’s Manual4Tap ok to return to the Security page.TTLS (EAP-Tunneled TLS)This protocol provides authentication like EAP-TLS (see page 167) but does not require user certificates. User authentication is done using a password or other credentials that are transported in a securely encrypted “tunnel” established using server certificates.EAP-TTLS works by creating a secure, encrypted tunnel through which you present your credentials to the authentication server. Thus, inside EAP-TTLS there is another inner authentication protocol that you must configure via Additional TTLS Settings.Use “TTLS” to configure EAP-TTLS as an authentication protocol, select “Open,” “WPA,” “WPA2,” or “Network EAP” as an association mode.To configure TTLS settings1Set 8021x Security as “TTLS,” then choose one of the following:•Set Association to “Open.” (default configuration)•Set Association to “WPA.”•Set Association to “WPA2” and Encryption to “TKIP” or “AES.”•Set Association to “Network EAP” and Encryption to either “WEP” or “CKIP.”
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1692Enter your unique Username to use this protocol.3Select Prompt for password to have the user enter this password each time to access the protocol, or leave Use following password as selected and enter your unique password to use the protocol without entering a password each time you use your CN3.4Tap Get Certificates to obtain or import server certificates (page 170).5Tap Additional Settings to assign an inner TTLS authentication and an inner EAP, and set the server certificate validation and trust.To configure additional TTLS settings1Select an authentication method from the Inner TTLS Authentication drop-down list.2If you select “EAP” for the inner authentication protocol, then select an inner EAP protocol from the Inner EAP drop-down list.3Enter the Common Names of trusted servers. If these fields are left blank, the client will accept any authentication server with a valid certificate. For increased security, you should specify exactly which authentication servers you expect to use.4Check Validate Server Certificate to verify the identity of the authentication server based on its certificate when using TTLS.5Tap Root CA, select a root certificate, then tap OK to return to the Inner TTLS Authentication.TTLS Authentication MethodsMethod DescriptionPAP Password Authentication Protocol. A simple authentication protocol that sends security information in the clear.CHAP Challenge Handshake Authentication Protocol. Use of Radius to authenticate a terminal without sending security data in the clear. Authenticates against non-Windows user databases. You cannot use this if authenticating against a Windows NT Domain or Active Directory.MS-CHAP; MS-CHAP-V2Authenticates against a Windows Domain Controller and other non-Windows user databases.PAP/Token Card Use with token cards. The password value entered is never cached.EAP Extensible Authentication Protocol
Chapter 5 — Network Support170 CN3 Mobile Computer User’s Manual6Enter the Anonymous EAP-TTLS Name as assigned for public usage. Use of this outer identity protects your login name or identity. Tap ok.Getting CertificatesCertificates are pieces of cryptographic data that guarantee a public key is associated with a private key. They contain a public key and the entity name that owns the key. Each certificate is issued by a certificate authority.Use these fields for batch importing certificates into the Microsoft certificate store. You can also use these fields to remotely import certificates onto the CN3 using the SmartSystems Console. However, you must make sure all the certificate files are downloaded to the appropriate folders on the CN3 before you invoke the call through the SmartSystems Console.Importing Root CertificatesSetting this field to “True” imports root certificates located in the “\Temp\Root” folder on the CN3 into the Microsoft Root certificate store. The certificates should be DER-coded and have a .cer file extension. The certificate files are deleted from the CN3 after they import to the store. If there are no certificate files to import, this action fails.To import root certificates1Tap the <<< button next to the Import Root Certificate field to select the root certificate (DER-encoded .cer file) to import.2Click Import Root Cert to install the selected certificate.Importing User CertificatesSetting this field to “True” imports user certificates located in the “\Temp\User” folder on the CN3 into the Microsoft personal certificate store. The certificates must be provided in two files:• DER-encoded certificate that does not contain the .cer private key• base-64 encoded private key with the .pvk extensionNote: When you set either of the following fields to “True,” and the CN3 imports the requested certificates, the field toggles back to “False.” You must reset the field to “True” before you can import more certificates.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 171Both files must have the same name for the appropriate private key to associate with the correct certificate, such as admin.cer and admin.pvk. The certificate files are deleted from the CN3 after they import to the store. If there are no certificates to import, this action fails.To import user certificates1Tap the <<< button next to the Certificate Path field to select the user certificate (DER-encoded .cer file without the private key) to import.2Tap the <<< button next to the Key Path field to select the .pvk private key that corresponds to the user certificate chosen in step 1.3Tap Import User Cert to install the selected certificate.To obtain a user certificateTap Web Enrollment to obtain a user certificate over the network from an IAS Server, then tap X to return to the Security page.LEAP (Cisco Lightweight EAP)LEAP is the Cisco Lightweight version of EAP.Use “LEAP” to configure the use of LEAP as an authentication protocol, select “Open,” “WPA,” “WPA2,” or “Network EAP” as an association mode, or assign “Network EAP.”
Chapter 5 — Network Support172 CN3 Mobile Computer User’s ManualTo configure LEAP settings1Set 8021x Security as “LEAP,” then choose one of the following:•Set Association to “Open.”•Set Association to “WPA.”•Set Association to “WPA2” and Encryption to “TKIP” or “AES.”•Set Association to “Network EAP” and Encryption to either “WEP” or “CKIP.” (default configuration)2Enter your unique Username to use this protocol.3Select Prompt for password to have the user enter this password each time to access the protocol, or leave Use following password as selected and enter your unique password to use the protocol without entering a password each time you use your CN3.EAP-FAST (EAP-Flexible Authentication via Secured Tunnel)The EAP-FAST protocol is a client-server security architecture that encrypts EAP transactions with a TLS tunnel. While similar to PEAP, it differs significantly as EAP-FAST tunnel establishment is based on strong secrets unique to users. These secrets are called Protected Access Credentials (PACs), which CiscoSecure ACS generates using a master key known only to CiscoSecure ACS. Because handshakes based upon shared secrets are intrinsically faster than handshakes based upon PKI, EAP-FAST is the significantly faster of the two solutions that provide encrypted EAP transactions. No certificate management is required to implement EAP-FAST.Use “EAP-FAST” to configure EAP-FAST as an authentication protocol, select “Open,” “WPA,” or “Network EAP” as an association mode.To configure EAP-FAST settings1Set 8021x Security as “EAP-FAST,” then choose one of the following:•Set Association to “Open.”•Set Association to “WPA.”•Set Association to “WPA2.”
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 173•Set Association to “Network EAP” and Encryption to either “WEP” or “CKIP.”2Enter your unique Username to use this protocol.3Select Prompt for password to have the user enter this password each time to access the protocol, or leave Use following password as selected and enter your unique password to use the protocol without entering a password each time you use your CN3.4Tap Additional Settings to set options for PAC management and assign an anonymous EAP-FAST name.To configure additional EAP-FAST settings1Tap PAC Manager to view the PAC files currently installed on your CN3. Tap ok to return to the Additional Settings screen.2If you already have a PAC on your CN3, clear Allow Automatic PAC provisioning to avoid receiving more PACs from the server.3If Allow Automatic PAC provisioning is checked, you can check:•Prompt before acquiring a new PAC for notification of any incoming PACs.•Prompt before replacing a PAC for notification whether to replace a current PAC with an incoming PAC.4Enter the Anonymous EAP-FAST Name as assigned for public usage. This outer identity protects your login name or identity.5Click ok to return to the Security page.
Chapter 5 — Network Support174 CN3 Mobile Computer User’s ManualConfiguring Advanced Settings• Wireless NICs and APs associate based on the SSID configured for the NIC. Given an SSID, the BSSID with the strongest signal is often chosen for association. After association, 802.1x authentication may occur and during authentication credentials to uniquely identify a user - these are passed between the NIC and the AP.Base 802.1x technology does not protect the network from “rogue APs.” These can mimic a legitimate AP to authentication protocols and user credentials. This provides illegal users ways to mimic legitimate users and steal network resources and compromise security.Check Detect Rogue APs to detect and report client behavior suspected of being rogue APs. Once a rouge AP is detected, your CN3 no longer associates with that AP until you perform a clean boot.Clear Detect Rogue APs to solve AP connection problems that result when an AP gets put on the rogue list due to inadvertent failed authentications, not because it is a real rogue.• Mixed cell is a profile-dependent setting. If Enable mixed cell is enabled when you are using WEP, you can connect to access points that allow the optional use of encryption.• When using a wireless LAN that uses Cisco Access Points, a LEAP-enabled client device can roam from one access point to another without involving the authentication (RADIUS) server. If Allow fast roaming (CCKM) is enabled, an access point configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server (caching credentials of an initial authentication with the RADIUS server) and authenticates the client without perceptible delay in voice or other time-sensitive applications.• Check Enable Logging to log what activity occurs for this profile.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 175Configuring Microsoft SecurityThe default security setting is Funk. If you want to use Microsoft security, you need to select it as your security choice. Intermec recommends that you use Intermec Settings to configure your security. For more information, see the Intermec Computer Command Reference Manual.To enable Microsoft Security3Select “Microsoft Security” from the drop-down list, then press Enter.4Tap Yes or press Esc to clear the alert box, save your settings, then perform a clean boot on the CN3. See “Clean Boot Process” on page 5 for more information on performing a clean boot.You can configure Microsoft Settings using Intermec Settings. However, with Intermec Settings, you cannot detect preferred networks (networks already configured), and WPA2-PSK is not provided. When Microsoft Security is enabled, you can use the Wi-Fi applet to configure your preferred networks. See “Configuring Preferred Networks” on page 177 for more information.1Select Start > Settings > the System tab > the Intermec Settings icon.2Tap (+) to expand Communications > 802.11 Radio > Security Choice.
Chapter 5 — Network Support176 CN3 Mobile Computer User’s ManualTo configure Microsoft Security using Intermec Settings1Tap (+) to expand Communications > 802.11 Radio > Microsoft Security.2Select Network name (SSID) and enter the SSID.To connect to an ad-hoc connection•Set Infrastructure Mode to “Ad hoc”.To disable WEP encryption•Set Network Authentication to “Open” if WEP keys are not required; or “Shared” when WEP keys are required. •Set Data Encryption to “Disabled”.To enable WEP encryption•Set Network Authentication to either “Open” if WEP keys are not required; or “Shared” when WEP keys are required for association. •Set Data Encryption to “WEP.” • If you need to change the network key, set Network Key Setting to “Enter Key and Index”, enter the new key in Network Key Value, and select the appropriate index under Network Key Index.To enable WPA authentication•Set Network Authentication to “WPA.”To enable WPA authentication using a preshared key•Set Network Authentication to “WPA-PSK,” then enter a new network key under Pre-Shared Key.3Select File > Save Settings to set the changes made.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 177Configuring Preferred NetworksNetworks already configured are preferred networks. You can connect to only preferred networks or search for and connect to any available network.A wireless network can be added either when the network is detected, or manually by entering settings information. To determine if authentication information is needed, see your network administrator.To add a wireless network2Enter a Network name. If the network was detected, the network name is entered and cannot change.3From Connects to, select to what your network is to connect. If you select “Work,” you can do a VPN connection or use proxy servers. If you select “The Internet,” you can connect directly to the internet.4Select This is a device-to-device (ad-hoc) connection to connect to an ad-hoc connection.1Tap Start > Settings > the Connections tab > the Wi-Fi icon , then tap Add New . . .
Chapter 5 — Network Support178 CN3 Mobile Computer User’s Manual5Do one of the following:To disable WEP encryption•Set Authentication to either “Open” if WEP keys are not required; or “Shared” when WEP keys are required for association. •Set Data Encryption to “Disabled.”To enable WEP encryption•Set Authentication to either “Open” if WEP keys are not required; or “Shared” when WEP keys are required for association. •Set Data Encryption to “WEP.” •Clear The key is automatically provided, then enter the new Network key and select the appropriate Key index to change the network key.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 179To enable WPA authentication•Set Authentication to “WPA.”•Set Data Encryption to either “AES” or “TKIP.” • Enter the new Network key.To enable WPA authentication using a preshared key•Set Authentication to “WPA-PSK.” •Set Data Encryption to either “AES” or “TKIP.” • Enter the new Network key.
Chapter 5 — Network Support180 CN3 Mobile Computer User’s ManualTo enable WPA2 authentication•Set Authentication to “WPA2.” •Set Data Encryption to either “AES” or “TKIP.” • Enter the new Network key.To enable WPA2 authentication using a preshared key•Set Authentication to “WPA2-PSK.” •Set Data Encryption to either “AES” or “TKIP.” • Enter the new Network key.6Tap Next, select either “PEAP” or “Smart Card or Certificate” for the EAP type, then tap Properties to adjust its settings.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 1817Tap Finish to return to the Configure Wireless Network screen.8From the Networks to access drop-down list, select “All Available,” “Only access points,” or “Only computer-to-computer” depending on the type of networks to which you connect. Tap ok to close this screen.Note: If you select to connect to non-preferred networks, your CN3 detects any new networks and provides configuration opportunities.
Chapter 5 — Network Support182 CN3 Mobile Computer User’s ManualLoading CertificatesIf you choose to use Transport Layer Security (TLS) with WPA or 802.1x security, you need to have a unique client certificate on the CN3 and a trusted root certificate authority (CA) certificate. If you choose to use PEAP, you need to load a root CA certificate. You can use a third-party CA to issue unique client certificates and a root certificate.To load certificatesWireless NetworkYour wireless adapter (network interface card) connects to wireless networks of two types: infrastructure networks and ad-hoc networks.• Infrastructure networks get you onto your corporate network and the internet. Using the 802.11b/g infrastructure mode, the CN3 establishes a wireless connection to an access point, linking you to the rest of the network.• Ad-hoc networks are private networks shared between two or more clients, even with no access point.Each wireless network is assigned a name (or Service Set Identifier - SSID) to allow multiple networks to exist in the same area without infringement.Intermec recommends using security measures with wireless networks to prevent unauthorized access to your network and to ensure your privacy of transmitted data. Authentication (cryptographically protected) by both the network and the user, transmitted data, and encryption are required elements for secure networks. Schemes are available to implement the features.• If your CA is on your WLAN, select Start > Settings > the System tab > the Certificates icon > the Root tab to view certificate details. • Press and hold a certificate, then select Delete to remove a certificate.
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 183EncryptionAES (Advanced Encryption Standard)A block cipher, a type of symmetric key cipher that uses groups of bits of a fixed length - called blocks. A symmetric key cipher is a cipher using the same key for both encryption and decryption.As implemented for wireless, this is also known as CCMP, which implements AES as TKIP and WEP are implementations of RC4.CKIP (Cisco Key Integrity Protocol)This is Cisco's version of the TKIP protocol, compatible with Cisco Aironet products.TKIP (Temporal Key Integrity Protocol)This protocol is part of the IEEE 802.11i encryption standard for wireless LANs., which provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus overcoming most of the weak points of WEP. This encryption is more difficult to crack than the standard WEP. Weak points of WEP include: No Initiation Vector (IV) reuse protection, weak keys, no protection against message replay, no detection of message tampering, and no key updates.WEP (Wired Equivalent Privacy) encryptionWith preconfigured WEP, both the client CN3 and access point are assigned the same key, which can encrypt all data between the two devices. WEP keys also authenticate the CN3 to the access point - unless the CN3 can prove it knows the WEP key, it is not allowed onto the network. WEP keys are only needed if they are expected by your clients. There are two types available: 64-bit (5-character strings, 12345) (default) and 128-bit (13-character strings, 1234567890123). Enter these as either ASCII (12345) or Hex (0x3132333435).Key Management ProtocolsWPA (Wi-Fi Protected Access)This is an enhanced version of WEP that does not rely on a static, shared key. It encompasses a number of security enhancements over WEP, including improved data encryption via TKIP and 802.11b/g authentication with EAP. WiFi Alliance security standard is designed to work with existing 802.11 products and to offer forward compatibility with 802.11i.WPA2 (Wi-Fi Protected Access)Second generation of WPA security. Like WPA, WPA2 provides enterprise and home Wi-Fi users with a high level of assurance that their data remains protected and that only authorized users can access their wireless networks. WPA2 is based on the final IEEE 802.11i amendment to the 802.11 standard ratified in June 2004. WPA2 uses the Advanced Encryption Standard (AES) for data encryption and is eligible for FIPS (Federal Information Processing Standards) 140-2 compliance. AuthenticationEAP (Extensible Authentication Protocol)802.11b/g uses this protocol to perform authentication. This is not necessarily an authentication mechanism, but is a common framework for transporting actual authentication protocols. Intermec provides a number of EAP protocols for you to choose the best for your network.EAP-FAST (Flexible Authentication via Secure Tunneling)A publicly accessible IEEE 802.1X EAP type developed by Cisco Systems. It is available as an IETF informational draft. An 802.1X EAP type that does not require digital certificates, supports a variety of user and password database types, supports password expiration and change, and is flexible, easy to deploy, and easy to manage.
Chapter 5 — Network Support184 CN3 Mobile Computer User’s ManualLEAP (Lightweight Extensible Authentication Protocol)Also known as Cisco-Wireless EAP, provides username/password based authentication between a wireless client and a RADIUS server. In the 802.1x framework, traffic cannot pass through a wireless network access point until it successfully authenticates itself.EAP-PEAP (Protected Extensible Authentication Protocol)Performs secure authentication against Windows domains and directory services. It is comparable to EAP-TTLS both in its method of operation and its security, though not as flexible. This does not support the range of inside-the-tunnel authentication methods supported by EAP-TTLS. Microsoft and Cisco both support this protocol.EAP-TLS (Transport Layer Security)Based on the TLS (Transport Layer Security) protocol widely used to secure web sites. This requires both the user and authentication server have certificates for mutual authentication. While cryptically strong, this requires corporations that deploy this to maintain a certificate infrastructure for all their users.EAP-TTLS (Tunneled Tr a n s po r t  L a ye r  Security)This protocol provides authentication like EAP-TLS (see page 167) but does not require certificates for every user. Instead, authentication servers are issued certificates. User authentication is done using a password or other credentials that are transported in a securely encrypted “tunnel” established using server certificates.EAP-TTLS works by creating a secure, encrypted tunnel through which you present your credentials to the authentication server. Thus, inside EAP-TTLS there is another inner authentication protocol that you must configure via Additional TTLS Settings.Authentication (continued)
Chapter 5 —  Network SupportCN3 Mobile Computer User’s Manual 185SmartSystems™ FoundationUse the SmartSystems Foundation (www.intermec.com/SmartSystems) to configure and manage your network. You can also contact your Intermec representative for support.This tool, available as a free download from Intermec, includes a management console that provides a default method to configure and manage Intermec devices “out-of-the-box,” without the purchase of additional software licenses. This is for anyone who must configure and deploy multiple devices or manage multiple licenses.Use Intermec Settings to perform device configuration settings within the SmartSystems Foundation. For more information, see the Intermec Computer Command Reference Manual.Information about the SmartSystems Foundation is available as an online help within the SmartSystems Console application. Select SmartSystems > Help in the console to access the manual.Tap Start > Settings > the System tab > the Intermec Settings icon, then tap to expand the SmartSystems Information option.
Chapter 5 — Network Support186 CN3 Mobile Computer User’s Manual

Navigation menu