Panel | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
ON THIS PAGE
|
...
Object Creation: The roNetworkConfiguration object is created with a single parameter.
Code Block |
---|
CreateObject("roNetworkConfiguration", network_interface as Dynamic) |
...
0
or"eth0"
: The Ethernet port on the BrightSign player1
or"wlan0"
: The internal WiFi2
or"ppp0"
: A connected modem
If the network_interface
is specified as an integer, the interface must currently exist on the player; otherwise, the object-creation function will return Invalid
. Conversely, specifying the network_interface
as a string allows you to create a roNetworkConfiguration instance for an interface that is not currently present on the player.
The network interface can be configured as a VLAN using the following string format: "[parent_interface].[vlan_id]"
. Once the VLAN interface(s) are configured, they must be enabled on the parent network interface (e.g. "eth0") using the SetVlanIds()
method. VLAN interfaces use DHCP by default. They are supported on Series 4 (XTx44, XDx34) and Series 3 (XTx43, XDx33, HDx23, LS423, HO523) players only.
Code Block | ||
---|---|---|
| ||
n6 = CreateObject("roNetworkConfiguration", "eth0.6") |
Some of the settings below are specific to the network interface, while others are used by the BrightSign host for all network interfaces.
ifNetworkConfiguration
Apply() As Boolean
Applies the requested changes to the network interface. This method returns false
if the changes could not be applied to the network interface, though changes made using "Set" and "Reset" methods will be preserved through future reboots even if Apply()
fails. Configuration may take several seconds to complete.
Note | ||
---|---|---|
| ||
"Set" and "Reset" methods do not take effect until |
SetupDWS(settings As roAssociativeArray) As Boolean
Configures the Diagnostic Web Server (DWS). This method returns true
if a restart is required for the changes to take effect. It will return false
if a restart is not required or if the method failed–the GetFailureReason()
method returns a non-empty string in event of failure.
By default, the Diagnostic Web Server is enabled on port 80, with the player serial number as password. Settings for the DWS are specified in an associative array. These properties are written to the registry and persist after reboot:
port
: The port number of the Diagnostic Web Server, located at the IP address of the player. Setting this value to 0 will disable the DWS, while setting it to "default" will make the DWS accessible on the default port (80). Specifying only this parameter in the associative array is equivalent to enabling the DWS without password protection.password
: An obfuscated password for the DWS. This method uses digest access authentication. Specifying this parameter without setting aport
number will make the DWS accessible on the default port.open
: An unobfuscated password for the DWS. This method uses digest access authentication. Specifying this parameter without setting aport
number will make the DWS accessible on the default port.basic
: A flag indicating whether basic authentication should be used or not. Setting this parameter totrue
allows the password set with theopen
parameter to be validated using basic authentication, rather than digest access authentication. This option allows for backwards compatibility with older platforms; most, if not all, modern browsers require basic authentication to be disabled in order to communicate with the DWS.
The user name is "admin" for all authentication configurations.
EnableLEDs(enable As Boolean) As Boolean
Enables or disables the Ethernet activity LED (i.e. flashing during link and activity behavior). The Ethernet LED is enabled by default. Changes to this setting do not persist across reboots. This method returns true
upon success and false
upon failure. Note that this method is not available on HDx10, HDx20, and LSx22 models.
SetClientIdentifier(a As String) As Boolean
Sets the DHCP client identifier.
GetClientIdentifier() As String
Returns the DHCP client identifier.
SetLoginPassword(password As String) As Boolean
Specifies a login password for the SSH connection (if SSH has been enabled in the registry). This method accepts a plain-text password.
SetObfuscatedLoginPassword(password As String) As Boolean
Specifies a login password for the SSH connection (if SSH has been enabled in the registry). This method accepts a password that has been obfuscated using a shared secret.
Note | ||
---|---|---|
| ||
Contact support@brightsign.biz to learn more about generating a key for obfuscation and storing it on the player. |
SetInboundShaperRate(rate As Integer) As Boolean
Sets the bandwidth limit for inbound traffic in bits per second. For the default bandwidth limit, pass -1 to the method; for no bandwidth limit, pass 0 (though these two settings are functionally the same). You will need to call Apply()
for this setting to take effect, and changing this setting at any time will cause the network interface to be taken down and reinitialized.
Note | ||
---|---|---|
| ||
Because of overhead on the shaping algorithm, attempting to limit the bandwidth at rates greater than approximately 2Mbit/s will reduce speeds to less than the specified rate. |
SetMTU(mtu As Integer) As Boolean
Sets the maximum transmission unit (MTU) for the network interface in bytes. Currently, the MTU setting is not returned when the GetCurrentConfig()
method is called.
...
Configures the metric for the default gateway on the current network interface. Routes with lower metrics are preferred over routes with higher metrics. This function returns true
upon success.
SetDHCP() As Boolean (interface)
...
...
...
...
...
...
title | Note |
---|
...
...
...
...
...
title | Note |
---|
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
title | Example |
---|
...
...
...
Value | Type | Host/Interface | Description |
---|---|---|---|
metric | Integer | Interface | Returns the current routing metric for the interface. See the |
dhcp | Boolean | Interface | Returns |
hostname | String | Host | The currently configured host name |
mdns_hostname | String | Host | The Zeroconf host name currently in use. This may be longer than the host name if there is a collision on the current network. |
ethernet_mac | String | Interface | The Ethernet MAC address |
ip4_address | String | Interface | The current IPv4 address. If none is currently set, the string will be empty. |
ip4_netmask | String | Interface | The current IPv4 network mask. If none is currently set, the string will be empty. |
ip4_broadcast | String | Interface | The current IPv4 broadcast address. If none is currently set, the string will be empty. |
ip4_gateway | String | Interface | The current IPv4 gateway address. If none is currently set, the string will be empty. |
domain | String | Host |
...
A whitespace-separated list of domains that will be appended to unqualified names when resolving them | |||
domains | roArray of Strings | Host | The domains that will be appended to uniqualified names when resolving name |
dns_servers | roArray of Strings | Host | The currently active DNS servers |
time_server | String | Host | The current time server |
configured_proxy | String | Host | The currently configured proxy. This may contain magic characters as explained under |
current_proxy | String | Host | The currently active proxy. Any magic characters will have been replaced as explained under |
shape_inbound | Integer | Interface | The current bandwidth shaping for inbound traffic determined by the |
type | String | Interface | Either "wired" or "wifi" |
link | Boolean | Interface | Indicates whether the network interface is currently connected. |
wifi_essid | String | Interface | The name of the current Wi-Fi network (if any) |
wifi_signal | Integer | Interface | An indication of the received signal strength. The absolute value of this field is usually not meaningful, but it can be compared with the reported value on other networks or in different locations. |
TestInterface() As Object
Performs various tests on the network interface to determine whether it appears to be working correctly. It reports the results via an associative array containing the following members:
Value | Type | Description |
---|---|---|
ok | Boolean | This value is |
diagnosis | String | A single-line diagnosis of the first problem identified in the network interface. |
log | roArray of strings | A complete log of all the tests performed and their results. |
TestInternetConnectivity() As Object
Performs various tests on the Internet connection (via any available network interface, not necessarily the one specified when the roNetworkConfiguration object was created) to determine whether it appears to be working correctly. It reports the results via an associative array containing the following members:
Value | Type | Description |
---|---|---|
ok | Boolean | This value is |
diagnosis | String | A single line diagnosis of the first problem identified with the Internet connection. |
log | roArray of strings | A complete log of all the tests performed and their results. |
GetNeighborInformation() As roAssociativeArray
Retrieves location information from the network infrastructure using the LLDP-MED protocol. The information is returned as an associative array of strings corresponding to civic-address types, which are defined as follows according to the LLDP-MED specification:
Anchor | ||||
---|---|---|---|---|
|
CAtype | Label | Description |
---|---|---|
1 | A1 | national subdivisions (state, region, province, prefecture) |
2 | A2 | county, parish, gun(JP), district(IN) |
3 | A3 | city, township, shi(JP) |
4 | A4 | city division, borough, city district, ward, chou(JP) |
5 | A5 | neighborhood, block |
6 | A6 | street |
CAtype | NENA | PIDF | Description | Examples |
---|---|---|---|---|
0 |
...
...
language | i-default [3] | |||
16 | PRD | PRD | leading street direction | N |
17 | POD | POD | trailing street suffix | SW |
18 | STS | STS | street suffix | Ave, Platz |
19 | HNO | HNO | house number | 123 |
20 | HNS | HNS | house number suffix | A, 1/2 |
21 | LMK | LMK | landmark or vanity address | Columbia University |
22 | LOC | LOC | additional location information | South Wing |
23 | NAM | NAM | name (residence and office occupant) | Joe's Barbershop |
24 | ZIP | PC | postal/ZIP code | 10027-1234 |
25 |
...
...
building (structure) | Low Library | |||
26 |
...
...
unit (apartment, suite) | Apt 42 | ||
27 |
...
FLR | floor | 4 | ||
28 |
...
...
room number | 450F | ||
29 |
...
...
placetype | office | |||
30 | PCN |
...
postal community name | Leonia | ||
31 |
...
...
post office box (P |
...
12345
...
32
...
...
...
additional code
...
13203000003
...
128
...
...
...
script
...
Latn
...
255
...
...
...
reserved
...
ifWiFiConfiguration
ScanWiFi() As roArray
Scans for available wireless networks. The results are reported as an roArray containing one or more associative arrays with the following members:
...
essid
...
String
...
Network name
...
bssid
...
String
...
Access point BSSID
...
signal
...
Integer
...
.O Box) | 12345 | |||
32 | additional code | 13203000003 | ||
128 | script | Latn | ||
255 | reserved |
ifWiFiConfiguration
ScanWiFi() As roArray
Scans for available wireless networks. The results are reported as an roArray containing one or more associative arrays with the following members:
Value | Type | Description |
---|---|---|
essid | String | Network name |
bssid | String | Access point BSSID |
signal | Integer | Received signal strength indication. The absolute value of this field is not usually relevant, but it can be compared with the reported value on other networks or in different locations. |
ScanWiFi may fail if a previous scan has not completed, or a background scan is in progress. This potential failure should be handled in the script, and the script should retry ScanWifi if it does fail.
ReassociateWiFi(enable As Boolean) As Boolean
This method takes no parameters and attempts to disconnect from and reconnect to the currently-configured WiFi network. This should not normally be necessary, but could be useful when diagnosing network problems. Returns true
on success or false
on failure. When false
is returned calling GetFailureReason()
may provide more information as to why.
This method is present in BOS 8.4.20 and above, BOS 8.5.26 and above, and in all BOS 9.0 versions.
Note that this function may return before the network has been reconnected. Use roNetworkHotplug
to determine when reconnection is complete.
Network Authentication
BrightSign players support most commonly used wireless encryption formats: WEP (64 & 128), WPA (TKIP), and WPA2 (AES).
WPA Enterprise is supported using EAP-TLS (with DER, PEM, or PKCS#12 certificates) and PEAPv0/MSCHAPv2 (with a username and passphrase). Wired authentication via 802.1x is also supported. The configuration instructions below apply to both WiFi and wired authentication via 802.1x; the only difference is the wired/wireless parameter (0/1) passed during roNetworkConfiguration initialization.
EAP-TLS
EAP-TLS authentication requires a client certificate and private key. There are two ways to accomplish this:
Packaging the client certificate and private key in a single file in PKCS#12 format (using PEM or DER encoding), usually with a .p12 file extension. To do this, set the PKCS#12 file using the
SetWiFiPrivateKey()
method and pass a blank string to theSetWiFiClientCertificate()
method.Packaging the client certificate as a X.509 certificate (using PEM or DER encoding) and optionally securing the key with a passphrase (instead of the usual WiFi passphrase). To do this, set the client certificate using the
SetWiFiClientCertificate()
method and the key using theSetWiFiPrivateKey()
method. If the key is protected with a passphrase, you should then callSetWiFiPassphrase()
.
Certificate keys may contain binary data if not PEM formatted. In this case, they must be provided as an roByteArray object. Text formats may be passed using a string or roByteArray.
...
Example: Setting EAP-TLS with a .p12 file
Code Block |
---|
nc = CreateObject("roNetworkConfiguration",1)
p12 = CreateObject("roByteArray")
p12.ReadFile("client.p12")
nc.SetWiFiClientCertificate("")
nc.SetWiFiPrivateKey(p12)
nc.SetWiFiPassphrase("passwordgoeshere") |
During authentication, the Radius server is passed an identity. By default, the identity will be taken from the client certificate. If the certificate has a "subjectAltName", it will be used; otherwise, the "CommonName" is used. If neither of these are correct, the identity may be overridden. This default behavior can be overridden by calling SetWiFiIdentity()
, or it can be specified by passing a blank string to SetWiFiIdentity()
.
PEAP/MSCHAP
This mode requires an identity (username) and passphrase, rather than a client certificate. There may also be a second, "outer", identity–see the Special Cases section below for configuration details.
Code Block |
---|
nc = CreateObject("roNetworkConfiguration",1)
nc.SetWiFiIdentity("user@brightsign-example.com")
nc.SetWifiPassphrase("passwordgoeshere") |
Common Variants
Additional Certificates
Additional CA certificates are often
...
required when using a private or internal CA for authentication
...
. Also, some CA hierarchies require intermediate certificates, which are sometimes supplied via EAP. If the server does not supply them, they may be added to the CA file using the SetWiFiCACertififcates()
method. This method supports PEM
...
certificates.
If a CA is not supplied, no peer verification will be done and an unvalidated authentication/connection will occur.
Code Block |
---|
nc = CreateObject("roNetworkConfiguration",1)
ca = CreateObject("roByteArray")
ca.ReadFile("ca.pem")
nc.SetWiFiCACertificates(ca) |
Obfuscated WiFi Passphrase
If an obfuscated WiFi passphrase is required, you can substitute the SetObfuscatedWiFiPassphrase()
method for the SetWiFiPassphrase()
method. Contact support@brightsign.biz to learn more about generating a key for obfuscation and storing it on the player.
TKIP/CCMP Encryption
By default, both WPA (TKIP) and WPA2 (CCMP) encryption is permitted. You can alter this behavior using the SetSecurityMode()
method, which accepts a space-separated, case-insensitive list of allowed modes ("ccmp" and "tkip"). If both CCMP and TKIP are allowed, CCMP always has priority.
Code Block |
---|
nc = CreateObject("roNetworkConfiguration",1)
nc.SetWiFiSecurityMode("") 'Sets the default mode
nc.SetWiFiSecurityMode("ccmp tkip") 'Explicitly allows both modes (same as the default mode)
nc.SetWiFiSecurityMode("ccmp") 'Requires the use of CCMP |
Special Cases
MD5 Support
MD5 support is enabled by default for backwards-compatibility reasons. This behavior can be modified by passing the "md5=enable" or "md5=disable" string to the SetWiFiEapTlsOptions()
method.
Code Block |
---|
nc = CreateObject("roNetworkConfiguration",1)
nc.SetWiFiEapTlsOptions("md5=disable") |
Anonymous Identity
Some EAP-PEAP/MSCHAP configurations require an anonymous identity. By default, the BrightSign player uses the same inner and outer identity. An anonymous identity can be configured with the SetWiFiEaptTlsOptions()
method:
Code Block |
---|
nc = CreateObject("roNetworkConfiguration",1)
nc.SetWiFiEapTlsOptions("anonymous_identity=anon@brightsign.biz") |
Tip |
---|
...
Tip If neither MD5 or identity options are being used, the setting should be cleard by passing a blank string to the |
Validity Dates
Validity dates are required for both EAP-TLS and PEAP/MSCHAP. The current time is required to check the certificate. If the player clock has not been set, it will typically set its time using the network, but this requires EAP authentication first. To avoid this problem, there are two special exceptions:
EAP-TLS: When the clock is not set, the time is set to ten seconds after the client certificate becomes valid, which is usually sufficient to authenticate (though this may not be sufficient for servers with newer certificates than the client).
PEAP/MSCHAP: There is no client certificate, and the server certificate time is not checked when the date is not set.
The clock can also be set via the Diagnostic Web Server, which prevents either of the above exceptions from being used. Typically, the clock is also set from the network once it is available, so these exceptions are only used on first boot or when the clock battery has been completely emptied.
Examples
The following script disables WPA Enterprise configuration (which is otherwise persistent):
Code Block |
---|
nc = CreateObject("roNetworkConfiguration", 1)
nc.SetWiFiSecurityMode("")
nc.SetWiFiESSID("")
nc.SetWiFiIdentity("")
nc.SetWiFiCaCertificates("")
nc.SetWiFiClientCertificate("")
nc.SetWiFiPrivateKey("")
nc.SetWiFiPassphrase("")
nc.SetWiFiEapTlsOptions("")
ok = nc.Apply() |
...
The following script configures the WiFi for EAP-TLS using a PKCS#12 (.p12) file, without additional CA certificates:
Code Block |
---|
essid = "brightwifi"
pkcs12file = "client.p12"
pkcspass = "passwordgoeshere"
nc = CreateObject("roNetworkConfiguration", 1)
nc.SetWiFiESSID(essid)
p12 = CreateObject("roByteArray")
ok = p12.ReadFile(pkcs12file)
if ok then
nc.SetWiFiClientCertificate("")
nc.SetWiFiPrivateKey(p12)
nc.SetWiFiPassphrase(pkcspass)
nc.SetWiFiCaCertificates("")
nc.SetWiFiSecurityMode("")
nc.SetWiFiIdentity("")
nc.SetWiFiEapTlsOptions("")
ok = nc.Apply()
end if |
The following script configures the WiFi for EAP-TLS with additional certificates:
Code Block |
---|
essid = "brightwifi"
cafile = "cacert.pem"
pkcs12file = "client.p12"
pkcspass = "passwordgoeshere"
nc = CreateObject("roNetworkConfiguration", 1)
nc.SetWiFiESSID(essid)
p12 = CreateObject("roByteArray")
ok = p12.ReadFile(pkcs12file)
ca = CreateObject("roByteArray")
ok = ca.ReadFile(cafile) and ok
if ok then
nc.SetWiFiClientCertificate("")
nc.SetWiFiPrivateKey(p12)
nc.SetWiFiPassphrase(pkcspass)
nc.SetWiFiCaCertificates("")
nc.SetWiFiSecurityMode("")
nc.SetWiFiIdentity("")
nc.SetWiFiEapTlsOptions("")
ok = nc.Apply()
end if |
The following script configures the WiFi for PEAP/MSCHAP with additional CA files:
Code Block |
---|
essid = "brightwifi"
cafile = "ca.pem"
user = "someuser@brightsign.biz"
pass = "whatever"
ca = CreateObject("roByteArray")
ok = ca.ReadFile(cafile)
if ok then
nc = CreateObject("roNetworkConfiguration", 1)
nc.SetWiFiESSID(essid)
nc.SetWiFiIdentity(user)
nc.SetWiFiPassphrase(pass)
nc.SetWiFiCaCertificates(ca)
nc.SetWiFiClientCertificate("")
nc.SetWiFiPrivateKey("")
'Use this if an anonymous outer identity is required
'nc.SetWiFiEapTlsOptions("anonymous_identity=anon@brightsign.biz")
nc.SetWiFiEapTlsOptions("")
ok = nc.Apply()
if not ok then
fail = "Unable to set configuration: " + nc.GetFailureReason()
end if
else
fail = "Unable to read file " + cafile
end if
' if not ok, do something with the failure message |
...
The following script performs various VLAN configurations on the Ethernet interface:
Code Block |
---|
' Configure the VLANs first. Use defaults for VLAN6
n6=CreateObject("roNetworkConfiguration", "eth0.6")
print n6.ResetInterfaceSettings()
print n6.Apply()
' Use defaults for VLAN11
n11=CreateObject("roNetworkConfiguration", "eth0.11")
print n11.ResetInterfaceSettings()
print n11.Apply()
' Use static IP for VLAN15
n15=CreateObject("roNetworkConfiguration", "eth0.15")
print n15.SetIP4Address("192.168.15.100")
print n15.SetIP4Netmask("255.255.255.0")
print n15.Apply()
' Now enable VLANs 6, 11 and 15 on eth0.
n0=CreateObject("roNetworkConfiguration", "eth0")
print n0.SetVlanIds([6, 11, 15])
print n0.Apply() |