Resolved Apple Watch + WPA2 Enterprise (802.1X) WiFi

Discussion in 'Apple Watch' started by Shadow%20Mac, Dec 9, 2017.

  1. Shadow%20Mac macrumors 6502

    Joined:
    Dec 28, 2007
    Location:
    California
    #1
    Hello all!

    I recently picked up a Apple Watch Series 3 with LTE, and I noticed that while I'm home, after I get out of Bluetooth range from my iPhone, my watch switches to it's LTE connection. I find this very annoying, as it quickly drains the watch's battery, and I was under the impression that watchOS was supposed to differ to WiFi when you get out of bluetooth range, before switching to LTE.

    I did a little more digging, and it looks like my Apple Watch has *never* been connecting to my WiFi network, possibly because my home network uses WPA2 Enterprise (username & password / 802.1X) auth for WiFi connections.

    Anyone else have a WPA2 Enterprise protected network and an Apple Watch? I can't find any info on Apple's website about what wifi auth standards are supported by watchOS, and all the reddit threads and things of that nature are on the subject are from 2015. This is my first Apple Watch and I've never used a watchOS before, so forgive my ignorance if this is a well documented issue / some obvious setting I just haven't discovered yet.

    The watch is running watchOS 4.2, and my iPhone / MacBook Pro are both connected to this WiFi network pretty much constantly, and the necessary credentials are stored on my iCloud Keychain.
     
  2. AlliFlowers Contributor

    AlliFlowers

    Joined:
    Jan 1, 2011
    Location:
    L.A. (Lower Alabama)
    #2
    So far there is no way for the watch to authorize to a network by itself. So if your phone is connected to the network it will piggyback off the phone. But without the phone, it has no way to connect.
     
  3. Shadow%20Mac thread starter macrumors 6502

    Joined:
    Dec 28, 2007
    Location:
    California
    #3
    That's not how Apple's website describes it:

    https://support.apple.com/en-us/HT204562

    "
    To enjoy every feature on your Apple Watch, you need to turn on Wi-Fi and Bluetooth on your paired iPhone. Swipe up on your iPhone to open Control Center. Then make sure Wi-Fi and Bluetooth are on.

    Your Apple Watch uses Wi-Fi and Bluetooth to communicate with your paired iPhone, switching between connections as needed:

    • Your Apple Watch uses Bluetooth when your iPhone is near, which conserves power.
    • If Bluetooth isn’t available, your Apple Watch will try to use Wi-Fi. For example, if compatible Wi-Fi is available and your iPhone isn't in Bluetooth range, your Apple Watch uses Wi-Fi.
    "

    But even if you're correct about that, my point is that my watch doesn't seem to be able to connect to the network, while my phone is.
     
  4. AlliFlowers Contributor

    AlliFlowers

    Joined:
    Jan 1, 2011
    Location:
    L.A. (Lower Alabama)
    #4
    Your watch only connects to your phone. Unless it's an unsecured wireless, you're SOL.
     
  5. Shadow%20Mac thread starter macrumors 6502

    Joined:
    Dec 28, 2007
    Location:
    California
    #5
    I don’t think this is right. I have a password protected WPA2 personal network at the office, and my watch connects to the the phone over WiFi just fine when I get out of Bluetooth range. Presumably, credentials are shared via iCloud keychain. Can someone else confirm this? Has anyone had success with an Apple Watch and a WPA2 Enterprise / 802.1X WiFi network? I’m using freeRADIUS hosted on an Ubuntu box in my garage to do the auth work.
     
  6. dave006, Dec 9, 2017
    Last edited: Dec 9, 2017

    dave006 Contributor

    dave006

    Joined:
    Jul 3, 2008
    Location:
    Just West of East
    #6
    Sorry but you are not quite correct. The Series 3 LTE watch starts with Bluetooth to the paired iPhone, then if out of Bluetooth range the watch will switch to direct Wi-Fi to reach the paired iPhone (same Wi-Fi network). And finally the LTE watch will switch to LTE if Bluetooth and or Wi-Fi are not available. The watch can also connect to "Known" Wi-Fi networks when the iPhone is not around but needs to meet the requirements below.

    Now about the original issue, your watch can only connect to a "Known" Wi-Fi that your iPhone has already connected to and there are some restrictions on the types of Wi-Fi networks that are supported.

    Your Apple Watch can connect to a Wi-Fi network:
    • If your iPhone, while connected to your watch with Bluetooth, has connected to the network before.
    • If the Wi-Fi network is 802.11b/g/n 2.4GHz.
    For example, your Apple Watch won't connect to 5GHz Wi-Fi or networks that require logins, subscriptions, or profiles. When your Apple Watch connects to a compatible Wi-Fi network instead of your iPhone connection, [​IMG] appears in the Control Center.

    Note: Bluetooth is used to send the "Known" Wi-Fi profiles from your iPhone to the watch.
    Note: You can connect to secured Wi-Fi networks that meet the above requirements.

    Dave
     
  7. Shadow%20Mac thread starter macrumors 6502

    Joined:
    Dec 28, 2007
    Location:
    California
    #7
    Thank you! This is *exactly* what I was looking for. I guess WPA2 Enterprise probably falls into the category of "networks that require logins, subscriptions, or profiles". Bummer! I'd imagine this is quite an issue for people in an office environment — 802.1X is fairly common. I wonder if Apple will ever update watchOS for a fix. Though is suppose it is technically a login, it's not as complex as most of the kinds of networks they describe, and I'd imagine that the credentials could be sent via bluetooth, the same way current WPA2 Personal credentials are sent.

    I guess I've gotta choose between disabling the RADIUS server in my house and switching to a more conventional auth mechanism or not having WiFi on the Apple Watch.

    Can anyone comment on how useful it is to have WiFi on the Apple Watch? Am I seriously missing out here?
     
  8. waw74 macrumors 68040

    Joined:
    May 27, 2008
    #8
    in theory, the only difference you see is battery / data plan usage.
    Watch always uses the lowest power connection available bluetooth -> wifi -> LTE.

    depending on your home internet, wifi might be a bit faster than LTE, but you're not downloading huge files on the watch, so probably not noticeable.

    you might be able to make a second SSID with WPA2, and restrict MACs that to your phone and the watch
    you would need to include your phone, since you would have to log into the wifi on that, and then it would share it's wifi password with the watch

    you can't forget the wifi on the phone (as it would clear the watch too), so there's a chance it would use that connection, since there's no way to set preference on networks in the phone.
     
  9. Shadow%20Mac thread starter macrumors 6502

    Joined:
    Dec 28, 2007
    Location:
    California
    #9
    Thanks for the advice!

    Seems like I have nothing to lose by at least trying your solution -- I'm using a UniFi cloud hosted controller + 3 of their access points, so I think creating an extra SSID w/ a MAC address whitelist should be pretty easy. I'll give it a shot!
     
  10. The_Nautilus macrumors newbie

    The_Nautilus

    Joined:
    Nov 5, 2016
    #10
    Has anyone heard if Apple will be incorporating 802.1x support in future WatchOS versions?
     
  11. BarracksSi Suspended

    BarracksSi

    Joined:
    Jul 14, 2015
    #11
    Um... it has since watchOS 1, and still does today in watchOS 4...
     
  12. The_Nautilus, Mar 22, 2018
    Last edited: Mar 22, 2018

    The_Nautilus macrumors newbie

    The_Nautilus

    Joined:
    Nov 5, 2016
    #12
    Let me clarify; will the Apple Watch ever connect to Enterprise level WiFi networks?
     
  13. Shadow%20Mac thread starter macrumors 6502

    Joined:
    Dec 28, 2007
    Location:
    California
    #13
    No. You are incorrect. The Apple Watch, does not, and NEVER has supported 802.1X. I am 100% you do not know what this term means. Google it.

    Unclear. The current and beta release of watchOS 4 do not, and I don't think we've heard any word from Apple.

    My guess is that, if such a thing were to happen, it would be part of a major version release. I suspect this for two reasons.

    1.) iCloud Keychain doesn't work with 802.1X credentials, even outside the Apple Watch. iCloud is happy to sync my WPA2 Personal passwords from device to device, but even on my MacBook Pro and my iPad, I need to enter the 802.1X credentials on each new device once.

    2.) Apple Watch WiFi hardware is inferior to other Apple Products. It still doesn't support 802.11ac (or any 5GHz networks at all, for that matter).

    I could be wrong, but I'm willing to bet that there is a hardware / software / practical reason that 802.1X credentials aren't shared. There is also the RADIUS certificate to consider. I'm guessing that such a thing would require a pretty dramatic change to the way the Apple Watch connects to WiFi networks.
     
  14. BarracksSi Suspended

    BarracksSi

    Joined:
    Jul 14, 2015
    #14
    Thought "802.1x" was like a catch-all term for 802.11a/b/c/etc.
     
  15. Shadow%20Mac thread starter macrumors 6502

    Joined:
    Dec 28, 2007
    Location:
    California
    #15
    Nope. You’re thinking 802.11x, different from 802.1X
     
  16. MacBoy88 macrumors regular

    Joined:
    Feb 4, 2003
    Location:
    Illinois
    #16
    I have no clue if this will work, but what about creating a WiFi Configuration Profile to install on the Watch? I was installing Comcast’s secure WiFi profile the other day and it asked me if I wanted to install the profile on my phone or Watch. I did both, but I haven’t tested it yet. Might be worth a shot!!

    72A52A6E-98D4-4052-92D9-801902928564.png CF611CCA-7E25-4ADF-AFD7-7AB10EC57B9A.png
     
  17. lenorelt macrumors newbie

    lenorelt

    Joined:
    May 17, 2018
    #17
    Did this work?

     
  18. Shadow%20Mac thread starter macrumors 6502

    Joined:
    Dec 28, 2007
    Location:
    California
  19. MacBoy88 macrumors regular

    Joined:
    Feb 4, 2003
    Location:
    Illinois
    #19
    I have not seen it connect to an XFINITY signal. :(
    To be fair, I don't go without my phone too much.
     
  20. titanshadow macrumors newbie

    titanshadow

    Joined:
    Jun 19, 2018
    #20
    Yes, once the profile is installed on the watch it will connect. I installed the TWC profile on my phone and watch and my watch will connect to the Sepctrum secured network by itself without the phone. The only thing I cannot get it to connect to is my University's network which requires a profile with a certificate to be installed, which the iPhone will not load onto the watch.
     

Share This Page

19 December 9, 2017