Network Troubleshooting for BluFi

Owned by Brad Hopkins
Last updated: Dec 16, 2020
4 min read

Overview

Provisioning of BluFi gateways to WiFi networks can often be the most challenging part of a deployment.  This arises from the various security protocols and infrastructures implemented across different networks.  The BluFi template in Bluzone houses all of the necessary credentials to get access to a network, however, if the network itself has additional restrictions imposed, the BluFi might not be able to successfully join.  The following is a list of supported security protocols and items to consider in order for the BluFi to gain access to Bluzone and maintain steady connection through a WiFi network.

Security Protocols

The following network authentication protocols are supported by BluFi gateways:

  • WEP
  • WPA2
  • EAP PEAP0 MSCHAPv2
  • EAP PEAP0 PSK
  • EAP PEAP0 TLS
  • EAP PEAP1 MSCHAPv2
  • EAP PEAP1 PSK
  • EAP PEAP1 TLS
  • EAP TLS
  • EAP TTLS MSCHAPv2
  • EAP TTLS PSK
  • EAP TTLS TLS

Network Considerations

Bluvision devices are deployed within enterprise grade wireless infrastructures with strict network compliance guidelines. Therefore these devices may be presented with the following obstacles to connectivity and successful provisioning:

  1. SSID and Password Accuracy – both the SSID and password that are input into the BluFi template must match the network credentials exactly (case-sensitivity included)
  2. Wi-Fi Spectrum Compatibility – BluFi Requires 2.4 GHz and is NOT compatible with 5 GHz
  3. MAC Address White Listing – Wireless network may require BluFi’s WiFi MAC Address be explicitly added to approved devices table.
  4. Firewall – BluFi’s require open internet access to bluzone.io via port 443 to successfully connect and provision device.
  5. Ports – The following ports must be open for a BluFi to properly communicate with Bluzone cloud:
    1. HTTPS (443) 
    2. DNS (53) 
    3. NTP Port (123) 
    4. TCP (100) 
    5. TCP (80)
  6. HTTP Proxy – A HTTP proxy may not be used to route/monitor all outbound internet traffic. Customer networking team will need to whitelist BluFi devices to BYPASS proxy provided direct access to bluzone.io:443
  7. Certificate Authentication – If a certificate is required, it must be properly formatted and signed. Compatible formats are .pem and .der
  8. No DHCP - BluFi Gateway will fail to provision when host network requires static IP address and DHCP services are not enabled. Resolution, setup segmented VLAN with DHCP.
  9. Slow DHCP – BluFi Gateway may fail to provision using a mobile device when host network has slow issuance of IP addresses via DHCP. If time to acquire IP address lease exceeds 30-60 seconds, mobile application will exceed timeout and return failure response. However, BluFi may succeed if left plugged in and successfully gets assigned IP address.
  10. Slow or Unstable WiFi Network – BluFi may have connectivity issues on overloaded or poor signal WiFi infrastructures. BluFi gateways require a minimum of 2 Mbps “sustained” upload speed to successfully transmit beacon telemetry.
  11. BluFi Excessive Reconnects – BluFi gateway installed in location that is too far from WiFi access point, within area that contains a RF barrier (metal), and/ or within a WiFi zone with too many overlapping access points.
  12. Network Throttling – BluFi Gateway has been installed on cellular based internet access point with assigned upload speed and/ or connection limits. Customer may have issues when data plans exceeds subscription levels.
  13. Captive Portal – Host network requires the use of web page based acceptance of terms and conditions to approve access to internet. (Used in Hotels). BluFi gateways are NOT compatible with captive portals.

Troubleshooting Tools

The following tools can be used to assess and improve the quality of a deployment.

Mobile app scanner of 2.4 GHz traffic 

Many wireless traffic scanning apps are available in the iOS App Store and Google Play (search: "WiFi scanner", "network scanner", "2.4 GHz spectrum analyzer", etc.).  These can be used to scan for traffic to estimate potential interference and/ or to ensure WiFi access point coverage.

Cellular HotSpot

In the event of poor WiFi network coverage or inability to connect to an enterprise network, cellular hotspots can offer a solution (temporary or permanent) to connect BluFi to.  Take note that each hotspot requires a SIM card with a data plan.  Multiple hotspots may be used, and BluFi on a single project can be placed on different networks, if desired.

Bluzone Mobile App

If you have physical access to a powered BluFi, you can use the Bluzone mobile app to temporarily connect to the BluFi via Bluetooth and read network connectivity information.  In the app, first select "BluFis":

Then select the BluFi you would like to connect to:

Make sure Bluetooth is enabled on your mobile device, then select "Blufi Configuration" at the bottom:

Select "Connect" in the top right:

After the mobile device connects to the BluFi, the fields will populate with information: