Resolved Apple Watch + WPA2 Enterprise (802.1X) WiFi

Shadow%20Mac

macrumors 6502
Original poster
Dec 28, 2007
438
156
California
Hello all!

I recently picked up a Apple Watch Series 3 with LTE, and I noticed that while I'm home, after I get out of Bluetooth range from my iPhone, my watch switches to it's LTE connection. I find this very annoying, as it quickly drains the watch's battery, and I was under the impression that watchOS was supposed to differ to WiFi when you get out of bluetooth range, before switching to LTE.

I did a little more digging, and it looks like my Apple Watch has *never* been connecting to my WiFi network, possibly because my home network uses WPA2 Enterprise (username & password / 802.1X) auth for WiFi connections.

Anyone else have a WPA2 Enterprise protected network and an Apple Watch? I can't find any info on Apple's website about what wifi auth standards are supported by watchOS, and all the reddit threads and things of that nature are on the subject are from 2015. This is my first Apple Watch and I've never used a watchOS before, so forgive my ignorance if this is a well documented issue / some obvious setting I just haven't discovered yet.

The watch is running watchOS 4.2, and my iPhone / MacBook Pro are both connected to this WiFi network pretty much constantly, and the necessary credentials are stored on my iCloud Keychain.
 

AlliFlowers

Contributor
Jan 1, 2011
4,522
13,231
L.A. (Lower Alabama)
So far there is no way for the watch to authorize to a network by itself. So if your phone is connected to the network it will piggyback off the phone. But without the phone, it has no way to connect.
 

Shadow%20Mac

macrumors 6502
Original poster
Dec 28, 2007
438
156
California
So far there is no way for the watch to authorize to a network by itself. So if your phone is connected to the network it will piggyback off the phone. But without the phone, it has no way to connect.
That's not how Apple's website describes it:

https://support.apple.com/en-us/HT204562

"
To enjoy every feature on your Apple Watch, you need to turn on Wi-Fi and Bluetooth on your paired iPhone. Swipe up on your iPhone to open Control Center. Then make sure Wi-Fi and Bluetooth are on.

Your Apple Watch uses Wi-Fi and Bluetooth to communicate with your paired iPhone, switching between connections as needed:

  • Your Apple Watch uses Bluetooth when your iPhone is near, which conserves power.
  • If Bluetooth isn’t available, your Apple Watch will try to use Wi-Fi. For example, if compatible Wi-Fi is available and your iPhone isn't in Bluetooth range, your Apple Watch uses Wi-Fi.
"

But even if you're correct about that, my point is that my watch doesn't seem to be able to connect to the network, while my phone is.
 

Shadow%20Mac

macrumors 6502
Original poster
Dec 28, 2007
438
156
California
Your watch only connects to your phone. Unless it's an unsecured wireless, you're SOL.
I don’t think this is right. I have a password protected WPA2 personal network at the office, and my watch connects to the the phone over WiFi just fine when I get out of Bluetooth range. Presumably, credentials are shared via iCloud keychain. Can someone else confirm this? Has anyone had success with an Apple Watch and a WPA2 Enterprise / 802.1X WiFi network? I’m using freeRADIUS hosted on an Ubuntu box in my garage to do the auth work.
 

dave006

Contributor
Jul 3, 2008
3,442
716
Just West of East
Your watch only connects to your phone. Unless it's an unsecured wireless, you're SOL.
Sorry but you are not quite correct. The Series 3 LTE watch starts with Bluetooth to the paired iPhone, then if out of Bluetooth range the watch will switch to direct Wi-Fi to reach the paired iPhone (same Wi-Fi network). And finally the LTE watch will switch to LTE if Bluetooth and or Wi-Fi are not available. The watch can also connect to "Known" Wi-Fi networks when the iPhone is not around but needs to meet the requirements below.

Now about the original issue, your watch can only connect to a "Known" Wi-Fi that your iPhone has already connected to and there are some restrictions on the types of Wi-Fi networks that are supported.

Your Apple Watch can connect to a Wi-Fi network:
  • If your iPhone, while connected to your watch with Bluetooth, has connected to the network before.
  • If the Wi-Fi network is 802.11b/g/n 2.4GHz.
For example, your Apple Watch won't connect to 5GHz Wi-Fi or networks that require logins, subscriptions, or profiles. When your Apple Watch connects to a compatible Wi-Fi network instead of your iPhone connection,
appears in the Control Center.

Note: Bluetooth is used to send the "Known" Wi-Fi profiles from your iPhone to the watch.
Note: You can connect to secured Wi-Fi networks that meet the above requirements.

Dave
 
Last edited:

Shadow%20Mac

macrumors 6502
Original poster
Dec 28, 2007
438
156
California
Sorry but you are not quite correct. The Series 3 LTE watch starts with Bluetooth to the paired iPhone, then if out of Bluetooth range the watch will switch to direct Wi-Fi to reach the paired iPhone (same Wi-Fi network). And finally the LTE watch will switch to LTE if Bluetooth and or Wi-Fi are not available. The watch can also connect to "Known" Wi-Fi networks when the iPhone is not around but needs to meet the requirements below.

Now about the original issue, your watch can only connect to a "Known" Wi-Fi that your iPhone has already connected to and there are some restrictions on the types of Wi-Fi networks that are supported.

Your Apple Watch can connect to a Wi-Fi network:
  • If your iPhone, while connected to your watch with Bluetooth, has connected to the network before.
  • If the Wi-Fi network is 802.11b/g/n 2.4GHz.
For example, your Apple Watch won't connect to 5GHz Wi-Fi or networks that require logins, subscriptions, or profiles. When your Apple Watch connects to a compatible Wi-Fi network instead of your iPhone connection,
appears in the Control Center.

Note: Bluetooth is used to send the "Known" Wi-Fi profiles from your iPhone to the watch.
Note: You can connect to secured Wi-Fi networks that meet the above requirements.

Dave
Thank you! This is *exactly* what I was looking for. I guess WPA2 Enterprise probably falls into the category of "networks that require logins, subscriptions, or profiles". Bummer! I'd imagine this is quite an issue for people in an office environment — 802.1X is fairly common. I wonder if Apple will ever update watchOS for a fix. Though is suppose it is technically a login, it's not as complex as most of the kinds of networks they describe, and I'd imagine that the credentials could be sent via bluetooth, the same way current WPA2 Personal credentials are sent.

I guess I've gotta choose between disabling the RADIUS server in my house and switching to a more conventional auth mechanism or not having WiFi on the Apple Watch.

Can anyone comment on how useful it is to have WiFi on the Apple Watch? Am I seriously missing out here?
 

waw74

macrumors 68040
May 27, 2008
3,537
349
in theory, the only difference you see is battery / data plan usage.
Watch always uses the lowest power connection available bluetooth -> wifi -> LTE.

depending on your home internet, wifi might be a bit faster than LTE, but you're not downloading huge files on the watch, so probably not noticeable.

you might be able to make a second SSID with WPA2, and restrict MACs that to your phone and the watch
you would need to include your phone, since you would have to log into the wifi on that, and then it would share it's wifi password with the watch

you can't forget the wifi on the phone (as it would clear the watch too), so there's a chance it would use that connection, since there's no way to set preference on networks in the phone.
 
  • Like
Reactions: dave006

Shadow%20Mac

macrumors 6502
Original poster
Dec 28, 2007
438
156
California
in theory, the only difference you see is battery / data plan usage.
Watch always uses the lowest power connection available bluetooth -> wifi -> LTE.

depending on your home internet, wifi might be a bit faster than LTE, but you're not downloading huge files on the watch, so probably not noticeable.

you might be able to make a second SSID with WPA2, and restrict MACs that to your phone and the watch
you would need to include your phone, since you would have to log into the wifi on that, and then it would share it's wifi password with the watch
Thanks for the advice!

Seems like I have nothing to lose by at least trying your solution -- I'm using a UniFi cloud hosted controller + 3 of their access points, so I think creating an extra SSID w/ a MAC address whitelist should be pretty easy. I'll give it a shot!
 
  • Like
Reactions: dave006

The_Nautilus

macrumors newbie
Nov 5, 2016
18
74
Let me clarify; will the Apple Watch ever connect to Enterprise level WiFi networks?
 
Last edited:

Shadow%20Mac

macrumors 6502
Original poster
Dec 28, 2007
438
156
California
Um... it has since watchOS 1, and still does today in watchOS 4...
No. You are incorrect. The Apple Watch, does not, and NEVER has supported 802.1X. I am 100% you do not know what this term means. Google it.

Let me clarify; will the Apple Watch ever connect to Enterprise level WiFi networks?
Unclear. The current and beta release of watchOS 4 do not, and I don't think we've heard any word from Apple.

My guess is that, if such a thing were to happen, it would be part of a major version release. I suspect this for two reasons.

1.) iCloud Keychain doesn't work with 802.1X credentials, even outside the Apple Watch. iCloud is happy to sync my WPA2 Personal passwords from device to device, but even on my MacBook Pro and my iPad, I need to enter the 802.1X credentials on each new device once.

2.) Apple Watch WiFi hardware is inferior to other Apple Products. It still doesn't support 802.11ac (or any 5GHz networks at all, for that matter).

I could be wrong, but I'm willing to bet that there is a hardware / software / practical reason that 802.1X credentials aren't shared. There is also the RADIUS certificate to consider. I'm guessing that such a thing would require a pretty dramatic change to the way the Apple Watch connects to WiFi networks.
 

MacBoy88

macrumors regular
Feb 4, 2003
185
49
Illinois
I have no clue if this will work, but what about creating a WiFi Configuration Profile to install on the Watch? I was installing Comcast’s secure WiFi profile the other day and it asked me if I wanted to install the profile on my phone or Watch. I did both, but I haven’t tested it yet. Might be worth a shot!!

72A52A6E-98D4-4052-92D9-801902928564.png
CF611CCA-7E25-4ADF-AFD7-7AB10EC57B9A.png
 

titanshadow

macrumors newbie
Jun 19, 2018
1
0
Yes, once the profile is installed on the watch it will connect. I installed the TWC profile on my phone and watch and my watch will connect to the Sepctrum secured network by itself without the phone. The only thing I cannot get it to connect to is my University's network which requires a profile with a certificate to be installed, which the iPhone will not load onto the watch.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.