Advanced Network Compatibility For Awair Omni

Overview

This article provides guidance for preparing your network to connect your Awair Omni to Awair's servers. If experiencing on-going connectivity issues, it's always recommended to first verify the Awair server status here.

A simple step-by-step installation guide (optimized for a mobile phone screen), compatibility requirements, and other configuration information can be found here: https://install-omni.getawair.com, which is also visible in the Awair Business mobile app. This guide also contains information on how to determine your network type.

Connecting to Your WiFi Network (via Bluetooth Setup)

During the device onboarding process, your Awair Omni device will use a secure, inbound Bluetooth connection which will enable you to safely configure your WiFi network. This Bluetooth connection is limited to the WiFi onboarding process and will only recognize commands that are related to establishing and verifying your WiFi credentials and device secure token.

Once you’ve established a WiFi connection, Bluetooth will no longer be available unless you perform a factory reset on your device. Doing so will wipe all stored information from your device, including previously entered WiFi credentials.

Omni can connect to a visible or hidden SSID with WPA or WPA2 Personal security network. Currently, WEP and WPA2 Enterprise are not supported. If your network is hidden, you can manually input your WPA-PSK during device setup by following the WiFi onboarding prompts provided in the Awair app.

Setting Your WiFi Password / PSK

  • We recommend 6 to 32 alphanumeric characters in length.

SSID / WiFi Network Name

  • Same as above (PSK).

Domains, Ports, and Servers

Cloud-connected Awair devices communicate with a number of our backend services to provide you with access to your sensor data via the mobile app, web dashboard, and developer APIs, as well as keep devices up to date with the latest bug fixes and enhancements. If you are having difficulty onboarding or your device isn’t reliably sending data, the network settings could be blocking access to some of our backend services. Make sure the network allows outgoing connections to all of the following domains and their associated IP addresses/ports.

One way to check connectivity would be to ping the domains and IP addresses listed here from the network to which you are trying to connect your Awair devices. One of the most common problems we see is a firewall that is configured in such a way that it blocks outgoing connections to the listed domains and IP addresses. Also check to ensure it allows outgoing connections on the ports listed.

 

Service Details Notes / Description
DNS

8.8.8.8 (Google) - default

1-2 Network/ISP-provided servers

  • Omni can only use 2 DNS servers, try both simultaneously, and proceed with whichever returns a response first
  • Sometimes there are issues with DNS. In this case, the device can fall back to a backup IP address for sensor data and firmware updates.
Port(s) 443 Outbound traffic only. No inbound traffic.
OTA Service ota.awair.is (Static use 35.203.134.251) An HTTPS endpoint used by the Awair Omni to periodically check for and download firmware updates.
Messaging Service messaging.awair.is (Static use 35.197.82.39) An MQTTS Broker for Omni to securely exchange of data (e.g. air data, device commands) via subscriptions to topics, which are initiated by the device.
Time Sync Service timeserver.awair.is  An HTTPS endpoint for Omni to request a periodic (e.g. hourly) time synchronization with its internal clock. Do not use static IP firewall filtering.
IoT Service iot.awair.is  An HTTPS endpoint for the Omni to backfill data stored on-device while operating disconnected from the Awair Cloud. Ethernet connected Omnis use it for registration to the Awair Cloud. Do not use static IP firewall filtering.

Connecting Your Awair Device to Advanced Network Configurations

Awair is compatible with 2.4GHz 802.11b/g/n networks. Awair only supports single-stream on 802.11n radios (sometimes a “legacy" WiFi radio mode option is available to allow your Awair to communicate with only the b/g radios). We recommend reviewing your WiFi router Frequency, PHY Mode, and Channel settings prior to onboarding an Omni device in order to avoid connection issues.

Awair’s WiFi Requirements

  • Frequency

    • Awair is only compatible with 2.4GHz networks. Awair will not discover or connect to 5GHz networks, regardless of whether they share the same SSID and password.

  • PHY Mode

    • Awair works best with routers set to mixed access mode (802.11b/g/n). Due to the stricter access rules, Awair may not be compatible with 802.11ac or 802.11n-only modes at this time.

  • Channel

    • Generally, channels 1 and 11 have the least amount of interference. However, you may find that your Awair performs best on other channels, so it may take some analyzing and adjusting to find your optimal configuration. WIFi scanning services (such as NetSpot) can be helpful to find the right channel for your environment. In crowded network environments, some access points will employ a feature that results in “channel hopping," which can make it difficult for Awair to maintain a constant connection in some cases.

Locating Your WiFi Network Details

If you are currently connected to your WiFi network via a desktop or laptop computer but are unsure of your network settings, follow the steps below to locate this information on your computer.

 

macOS Users

  • Hold down the “Option” key and click on the "wireless icon" in the toolbar at the top of your screen. You should see a dropdown menu which looks something like this:

mceclip1.png

  • To view the Network details for another network on the list, hold down the “Option” key, click on the "wireless icon", and hover over a different network name on the list. A text box should appear with the Network details:
  • To access more detailed information about your WiFi network:
  1. Press and hold the “Option” key,
  2. Click on the "Apple icon" on the top left corner of your screen,
  3. Click on “System Information”, a window appears; choose “Network” from the options in the side toolbar and
  4. Click on “WiFi” to pull up a detailed overview of your network settings.

Windows 10 Users

To locate your network details,

  1. Click Start (Windows Icon) → Windows SystemControl Panel.
  2. Under the “Network & Internet” section of the Control Panel Window, click on “View network status and tasks.” NOTE: On some screens, you may see an alternative “Network and Sharing Center.” Click on whatever option is visible to you.
  3. In the left sidebar of the Network and Sharing Center screen, click on “Change Adapter Settings
  4. Double-click on “WiFi”, a “WiFi Status” window shows up. 
  5. Click on the “Wireless Properties” button to view your network information.
  6. The type of WiFi network will be shown under the “Connection” tab, and the encryption method will be listed under the “Security” tab.

If you are stuck on the “Network & Internet” screen, then follow these steps to locate your network details:

  1. If the WIFi switch is set to off, click to turn it on.

  2. Click the name (SSID) of the network settings you want to use.

  3. Click “Connect.

  4. Double-click on “WIFi” in the “Network Connections” screen to pull up your network details.

Decoding Your Network Details

Term Description
WPA Wireless Protected Access (WPA) is more secure than WEP and less secure than WPA2.
WPA2 Wireless Protected Access 2 (WPA2) is an upgraded version of WPA.
WEP Wired Equivalent Privacy. The most basic (and least secure) type of network.
AES Advanced Encryption Standard. This method is more robust than TKIP.
TKIP Temporal Key Integrity Protocol (TKIP) refers to a more basic data encryption method.
PSK Pre-Shared Key. Used for homes (personal) and small offices where everyone uses the same password to access the network.

 

Advanced Networking Highlights

  • Your Awair requires outgoing TCP & TLS connections on Ports 8883 and 443.

  • The connection on Port 8883 is indefinite, the connection on Port 443 is intermittent (typically once per hour).

  • For adding device-specific permissions, every Awair has a standard MAC-48 address listed on the back of the product.

  • Awair does not support networks requiring two factor authentication, captive portals, login portals, RADIUS servers, or managed login networks. You may be able to connect your Awair to these networks by setting device-specific permissions (e.g. MAC Whitelists).

Network Encryption Methods

It is recommended to use a password protected WIFi network, specifically WPA2 (WPA2 + AES) as the network authentication method due to the extra security it provides. However, Awair is also compatible with WEP, WPA, and open networks.

Awair is not compatible with WPA Enterprise, WPA2 Enterprise, or WPS encryption methods. Awair does not support networks requiring two factor authentication, login portals, captive portals, splash pages, or managed login networks — however, you may be able to establish a connection to these kinds of networks by adding your Awair’s MAC address to your network's whitelist.

  • Managing TCP Ports

    • Basic security firewall configurations will commonly allow outgoing connections from all devices, but high security configurations may block all or a portion of this traffic. If your firewall is particularly restrictive, try adjusting your firewall’s policies to allow your Awair to make outgoing TCP connections on Ports 8883 and 443.

      Your Awair uses one long-term secure communication protocol to send data back to Awair’s servers. After connecting to your WIFi network, your Awair will open an ongoing TCP connection on Port 8883 to Awair’s servers, secured with standard TLS encryption. If severed, your Awair will continuously attempt to re-establish this connection.

      Once per hour, your Awair will check for and download firmware updates when available. This check is done via a TCP connection using TLS security and HTTPS protocol, initiated on Port 443 to Awair’s servers.

      All connections to your Awair are outgoing, no incoming connections are established.

MAC Address Whitelist & DHCP Reservation

You can add your Awair to your network by whitelisting the device’s MAC address (this method is sometimes referred to as MAC address authentication or filtering). You can find your Awair's unique MAC address on the rear of the device and on the packaging. The MAC address is a 12 alphanumeric characters starting with “70886B", which is Awair's Organizationally Unique Identifier (OUI), and pictured below in the red outline. The last 6 alphanumeric characters make up the unique identifier for each Awair device.

 mceclip0.png

Whitelisting your Awair by MAC address is often the best way to connect Awair to managed login access points requiring secondary authentication.

Alternatively, or in addition to whitelisting, you may opt to assign your Omni device a DHCP Reservation (similar to a “Static IP Address", but assigned via the Router instead of the Client - i.e. Omni). A DHCP Reservation gives your Omni a set IP Address on the network so that it will always be reachable at the same address. This is not required, but it can improve connectivity particularly due to IP Address clashes.

 

Testing for Network Compatibility

If you’re unable to connect to your Awair after trying the methods above, your network may be incompatible with Awair. The quickest way to test whether your Omni is malfunctioning is to connect it to a mobile hotspot, such as your smartphone.

By setting up a mobile hotspot or tethering to your phone, you’ll be able to quickly determine if your Awair’s connection issue is rooted in the advanced configuration of your WIFi network.

However, if you’re unable to connect your Awair to the network created by your mobile hotspot network, it’s possible your Awair’s hardware may be defective. This rare situation is covered under our 1-year warranty and we’re more than happy to replace your product if needed. If you continue to run into trouble getting your Awair connected to your network, please reach out to us so we can help. We’re happy to troubleshoot over email or schedule a phone call at your convenience.

 

 

Have more questions? Submit a request