ON THIS PAGE
Object Creation: The roNetworkConfiguration object is created with a single parameter.
CreateObject("roNetworkConfiguration", network_interface as Dynamic)
The network_interface
parameter can be any of the following:
0
or"eth0"
: The Ethernet port on the BrightSign player1
or"wlan0"
: The internal WiFi2
or"ppp0"
: A connected modem
If the network_interface
is specified as an integer, the interface must currently exist on the player; otherwise, the object-creation function will return Invalid
. Conversely, specifying the network_interface
as a string allows you to create a roNetworkConfiguration instance for an interface that is not currently present on the player.
The network interface can be configured as a VLAN using the following string format: "[parent_interface].[vlan_id]"
(e.g "eth0.42"
). Once the VLAN interface(s) are configured, they must be enabled on the parent network interface (e.g. "eth0") using the SetVlanIds()
method. VLAN interfaces use DHCP by default. They are supported on Series 4 (XTx44, XDx34, HDx24, LS424) and Series 3 (XTx43, XDx33, HDx23, LS423, HO523) players only.
n6 = CreateObject("roNetworkConfiguration", "eth0.6")
Some of the settings below are specific to the network interface, while others are used by the BrightSign host for all network interfaces.
ifNetworkConfiguration
Apply() As Boolean
Applies the requested changes to the network interface. This method returns false
if the changes could not be applied to the network interface, though changes made using "Set" and "Reset" methods will be preserved through future reboots even if Apply()
fails. Configuration may take several seconds to complete.
Note
"Set" and "Reset" methods do not take effect until Apply()
is called.
SetupDWS(settings As roAssociativeArray) As Boolean
Configures the Diagnostic Web Server (DWS). This method returns true
if a restart is required for the changes to take effect. It will return false
if a restart is not required or if the method failed–the GetFailureReason()
method returns a non-empty string in event of failure.
By default, the Diagnostic Web Server is enabled on port 80, with the player serial number as password. Settings for the DWS are specified in an associative array. These properties are written to the registry and persist after reboot:
port
: The port number of the Diagnostic Web Server, located at the IP address of the player. Setting this value to 0 will disable the DWS, while setting it to "default" will make the DWS accessible on the default port (80). Specifying only this parameter in the associative array is equivalent to enabling the DWS without password protection.password
: An obfuscated password for the DWS. This method uses digest access authentication. Specifying this parameter without setting aport
number will make the DWS accessible on the default port.open
: An unobfuscated password for the DWS. This method uses digest access authentication. Specifying this parameter without setting aport
number will make the DWS accessible on the default port.basic
: A flag indicating whether basic authentication should be used or not. Setting this parameter totrue
allows the password set with theopen
parameter to be validated using basic authentication, rather than digest access authentication. This option allows for backwards compatibility with older platforms; most, if not all, modern browsers require basic authentication to be disabled in order to communicate with the DWS.
The user name is "admin" for all authentication configurations.
EnableLEDs(enable As Boolean) As Boolean
Enables or disables the Ethernet activity LED (i.e. flashing during link and activity behavior). The Ethernet LED is enabled by default. Changes to this setting do not persist across reboots. This method returns true
upon success and false
upon failure. Note that this method is not available on HDx10, HDx20, and LSx22 models.
SetClientIdentifier(a As String) As Boolean
Sets the DHCP client identifier.
GetClientIdentifier() As String
Returns the DHCP client identifier.
SetLoginPassword(password As String) As Boolean
Specifies a login password for the SSH connection (if SSH has been enabled in the registry). This method accepts a plain-text password.
SetObfuscatedLoginPassword(password As String) As Boolean
Specifies a login password for the SSH connection (if SSH has been enabled in the registry). This method accepts a password that has been obfuscated using a shared secret.
Note
Contact support@brightsign.biz to learn more about generating a key for obfuscation and storing it on the player.
SetInboundShaperRate(rate As Integer) As Boolean
Sets the bandwidth limit for inbound traffic in bits per second. For the default bandwidth limit, pass -1 to the method; for no bandwidth limit, pass 0 (though these two settings are functionally the same). You will need to call Apply()
for this setting to take effect, and changing this setting at any time will cause the network interface to be taken down and reinitialized.
Note
Because of overhead on the shaping algorithm, attempting to limit the bandwidth at rates greater than approximately 2Mbit/s will reduce speeds to less than the specified rate.
SetMTU(mtu As Integer) As Boolean
Sets the maximum transmission unit (MTU) for the network interface in bytes. Currently, the MTU setting is not returned when the GetCurrentConfig()
method is called.
SetRoutingMetric(a As Integer) As Boolean
Configures the metric for the default gateway on the current network interface. Routes with lower metrics are preferred over routes with higher metrics. This function returns true
upon success.
SetDHCP() As Boolean (interface)
Enables DHCP and disables all other settings. This function returns true
if successful.
SetEnabledProtocols(protocols as roArray) As Boolean
Enables or disables IPv4/IPv6 support on a network interface. By default, both protocol versions are supported, and the local-network configuration determines which version the interface uses. This method allows you to restrict support to one IP version.
The array passed to this method can have the following string values: "IPv4" or "IPv6". If the array contains both values, both protocols are supported; if it contains neither, the network interface will come up but not provide connectivity.
This method returns true
on success and false
on failure; use the GetFailureReason()
method to return more information in case of failure.
' Disable IPv6 and leave IPv4 enabled n1=CreateObject("roNetworkConfiguration", 1) print n1.SetEnabledProtocols(["IPv4"]) print n1.Apply()
GetEnabledProtocols() As roArray
Returns enabled IP versions on the interface. The array can contain the "IPv4" and "IPv6" string values.
SetIP4Address(ip As String) As Boolean (interface)
SetIP4Netmask(netmask As String) As Boolean (interface)
SetIP4Broadcast(broadcast As String) As Boolean (interface)
SetIP4Gateway(gateway As String) As Boolean (interface)
Sets the IPv4 interface configuration. All values must be specified explicitly. Unlike the ifconfig
shell command, there is no automatic inference. The parameter is a string dotted decimal quad (i.e. "192.168.1.2" or similar). It returns true
upon success.
nc = CreateObject("roNetworkConfiguration",0) nc.SetIP4Address("192.168.1.42") nc.SetIP4Netmask("255.255.255.0") nc.SetIP4Broadcast("192.168.1.255") nc.SetIP4Gateway("192.168.1.1")
SetVlanIds(vlan_ids As roArray) As Boolean
Enables the specified VLAN IDs (and only those IDs) on the network interface (the VLAN interfaces must be configured first). This method accepts an array of integers.
' Configure the VLANs first. Use defaults for VLAN6. n6=CreateObject("roNetworkConfiguration", "eth0.6") print n6.ResetInterfaceSettings() print n6.Apply() ' Use defaults for VLAN11. n11=CreateObject("roNetworkConfiguration", "eth0.11") print n11.ResetInterfaceSettings() print n11.Apply() ' Use static IP for VLAN15. n15=CreateObject("roNetworkConfiguration", "eth0.15") print n15.SetIP4Address("192.168.15.100") print n15.SetIP4Netmask("255.255.255.0") print n15.Apply() ' Now enable VLANs 6, 11 and 15 on eth0. n0=CreateObject("roNetworkConfiguration", "eth0") print n0.SetVlanIds([6, 11, 15]) print n0.Apply()
Note
VLAN configuration is persistent, even when VLAN is not enabled. If you use the SetVlanIds()
method to remove and then add VLAN IDs, they will return with the previous configuration by default. You can use the ResetInterfaceSettings()
method to remove any previous configuration.
SetWiFiESSID(essid as String) As Boolean
Configures the WiFi ESSID of the wireless network that the player will connect to. This method returns true
on success.
GetWiFiESSID() As String
Retrieves the configured WiFi ESSID, even if the player is not currently connected to that wireless network. Use the GetCurrentConfig().wifi_essid
value to retrieve the ESSID of the wireless network that the player is currently connected to.
SetWiFiPassphrase(passphrase as String) As Boolean
Configures the passphrase or key for the wireless network. This method accepts a plain-text passphrase. It returns true
if the passphrase is successfully set.
SetWiFiPassphraseAndObfuscate(a As String) As String
Configures the passphrase or key for the wireless network. This method accepts a plain-text passphrase and returns the obfuscated result. If the passphrase is not set, an empty string is returned instead.
SetObfuscatedWiFiPassphrase(password As String) As Boolean
Configures the passphrase or key for the wireless network. This method accepts a passphrase that has been obfuscated using a shared secret. It returns true
if the password is successfully set.
Note
Contact support@brightsign.biz to learn more about generating a key for obfuscation and storing it on the player.
SetWiFiFrequencies(frequencies As String) As Boolean
Sets valid WiFi frequencies to specified range. Supports 2 GHz("2GHz"), 5 GHz("5GHz"), or list of frequencies written in MHz("2412 2417"). It returns true
if the frequency is successfully set.
SetWiFiAccessPointMode(enable as Boolean) As Boolean
Enables or disables WiFi access-point mode: Passing true
to this method instructs the player to act as a wireless access point, which uses the ESSID and passphrase set with the SetWiFiESSID()
and SetWiFiPassphrase() (
or SetObfuscatedWiFiPassphrase()
) methods. If a passphrase has been set, the wireless access point will use WPA2 authentication–otherwise, it will use no authentication. This method returns true
on success and false
on failure; use the GetFailureReason()
method to return more information in case of failure.
WiFi access-point mode should be used for configuration only. It offers a minimal DHCP server, but does not provide DNS servers or routing to the Ethernet. We recommend assigning a static IP address to the wireless interface, though this is not enforced by the firmware.
Note
WiFi access-point mode is not available on Series 2 (4Kx42, XDx32, HDx22) or earlier models.
SetAccessPointFrequencyMHz(frequency As Integer) As Boolean
Sets the frequency of the wireless access point (in MHz). This method returns true
on success and false
on failure; use the GetFailureReason()
method to return more information in case of failure.
Note
The following SetWifi*
methods are used to configure WPA Enterprise with EAP-TLS.
SetWiFiIdentity(identity As String) As Boolean
Sets the RADIUS identity. In EAP-TLS mode, the identity will be taken from the client certificate if this method is not called ("subjectAltName" will be used if present; otherwise, the "commonName" is used). In EAP-PEAP/MSCHAP mode, this method must be called to set the identity.
SetWiFiEapTlsOptions(options As String) As Boolean
Sets EAP-specific options. Currently, this method can be used to enable or disable MD5 support ("md5=enable" or "md5=disable") and to set an anonymous identity for EAP-PEAP/MSCHAP configurations ("anonymous_identity=anon@brightsign.biz"). Multiple parameters can be set with a space-separated list. To clear previous settings, pass an empty string to this method.
SetWiFiCACertificates(certificates As Dynamic) As Boolean
Sets the CA certificate file for EAP-TLS (certificates can also be sent from an EAP peer). The certificate data can be specified as an roByteArray of Base64 data (for .cer, .pfx, or .p12 file formats) or an roString (for the .pem file format ). The supported binary formats are ASN.1 DER (for seperate certificates and keys) and PKCS#12 (for a single file that may contain both certificates and keys). The supported text format is PEM.
SetWiFiClientCertificate(certificate As Dynamic) As Boolean
Sets the client certificate for EAP-TLS. The certificate data can be specified as an roByteArray of Base64 data or an roString.
SetWiFiPrivateKey(key As Dynamic) As Boolean
Sets the private key for authentication. The certificate data can be specified as an roByteArray of Base64 data or an roString. If the private key is password protected, use the SetWiFiPassphrase()
method to set the password.
Note
If the client certificate and associated private key are in the same PKCS#12 file, the file contents should be specified using the SetWiFiPrivateKey()
method and the SetWiFiClientCertificate()
value should be left empty.
SetWiFiSecurityMode(mode As String) As Boolean
Sets the WiFi encryption method. By default, both WPA (TKIP) and WPA2 (CCMP) encryption are permitted. This method accepts a space-separated, case-insensitive list that can include either "tkip" or "ccmp" values. Passing an empty string sets the default mode. If both CCMP and TKIP are allowed, CCMP always has priority.
ConfigureDHCPServer(config As roAssociativeArray) As Boolean
Configures a DHCP server on the Ethernet port or wireless access point. This method accepts an associative array with the following parameters:
[string] ip4_start
:(Required) The beginning of the range of offered IP addresses[string] ip4_end
:(Required) The end of the range of offered IP addresses[roArray] name_servers
: An array of strings containing the IPv4 addresses of name servers (IPv6 addresses are not currently supported)[string] domain
: The domain suffix to be used by clients[string] ip4_gateway
: The IPv4 address of the gateway to be used by clients
To disable the DHCP server, pass an empty associative array ({}
) to this method. This method returns true
on success and false
on failure; use the GetFailureReason()
method to return information in case of failure.
Tip
DHCP lease information can be viewed by accessing either of the following IP addresses using a web browser on the local network: http://<brightsign-ip>/dhcp-server.html
or http://<brightsign-ip>/dhcp-server.txt
SetForwardingPolicy(parameters As roAssociativeArray) As Boolean
Configures the host-wide forwarding policy (this method applies to all network interfaces, no matter which roNetworkConfiguration instance it is called on). This method accepts an associative array with the following parameters:
[Boolean] forwarding_enabled
: A flag that enables or disables IP forwarding. This value isfalse
by default.[Boolean] nat_enabled
: A flag that enables or disables address translation with IP forwarding. If this parameter isfalse
(the default value), andforwarding_enabled
istrue
, IP datagrams are forwarded between all interfaces and no address translation is done. If this parameter istrue
, andforwarding_enabled
istrue
, IP datagrams are forwarded between all interfaces, but SNAT is applied to any datagrams that are sent out of the "upstream" interface. In this case, an "upstream" interface is defined as any interface on which the default route is set. Note that there can be multiple interfaces that meet this criteria. Datagrams that are destined for an interface that has no default route are forwarded without NAT.
SetDomain(domain As String) As Boolean (host)
Sets the device domain name. This will be appended to names to fully qualify them, though it is not necessary to call this. This method returns true
on success.
nc.SetDomain("brightsign.biz")
SetDNSServers(servers As roArray) As Boolean (host)
Sets the list of DNS servers if there were no DNS servers when the object was created. This method accepts an array of strings, each containing the dotted-quad IP address of a DNS server, and it returns true
on success. There is currently a maximum of three servers; the method will return false
if you attempt to add more than three servers.
Tip
To clear the list of DNS servers, call SetDNSServers([])
.
AddDNSServer(server As String) As Boolean (host)
Adds another DNS server to the list if there were no DNS servers when the object was created. This method accepts the dotted-quad IP address of a DNS server as a string, and it returns true
on success. There is currently a maximum of three servers; the method will return false
if you attempt to add more than three servers.
SetTimeServer(time_server As String) As Boolean (host)
Sets the default time server, which is "time.brightsignnetwork.com". You can disable the use of NTP by calling SetTimeServer("")
. You can use URL syntax to specify that the player use an HTTP or HTTPS server to synchronize the clock. The following are valid time server addresses:
- http://time.brightsignnetwork.com/
- https://time.brightsignnetwork.com/
- ntp://time.brightsignnetwork.com/
- time.brightsignnetwork.com
Note
GetTimeServer() As String
Retrieves the (host) time server currently in use.
SetTimeServerIntervalSeconds(interval_in_seconds As Integer) As Boolean
Specifies how often the player should communicate with the time server and adjust its clock. The default interval is 12 hours; passing a value of 0 specifies the default interval. The minimum interval allowed is 120 seconds.
GetTimeServerIntervalSeconds() As Integer
Returns the current interval for time-server renewal (in seconds).
SetHostName(name as String) As Boolean (host)
Sets the device host name. If no host name has been explicitly set, then a host name is automatically generated based on the device serial number. Passing an empty string to this method resets the device host name to its automatically generated value.
GetHostName() As String (host)
Retrieves the host name currently in use.
SetProxy(proxy as String) As Boolean (host)
Sets the name or address of the proxy server used for HTTP and FTP requests. The proxy string should be formatted as "http://user:password@hostname:port". The hostname can contain up to four "*" characters; each "*" character can be used to replace one octet from the current IP address. For example, if the IP address is currently 192.168.1.2, and the proxy is set to "proxy-*-*", then the player will attempt to use a proxy named "proxy-192.168".
GetProxy() As String (host)
Returns the name or address of the proxy server.
SetProxyBypass(hostnames As Array) As Boolean
Exempts the specified hosts from the proxy setting. The passed array should consist of one or more hostnames. The player will attempt to reach the specified hosts directly rather than using the proxy that has been specified with the SetProxy()
method. For example, the hostname "example.com" would exempt "example.com", "example.com:80", and "www.example.com" from the proxy setting.
GetProxyBypass() As roArray
Returns an array of hostnames that have been exempted from the proxy setting using the SetProxyBypass()
method.
GetRecoveryUrl() As String
Returns the current recovery URL, which is stored in the "ru" entry of the "networking" registry section. If the recovery URL is set via DHCP Option 43, it will take precedence over the "ru" registry entry.
ResetInterfaceSettings() As Boolean
Clears all interface-specific settings (e.g. IP address, default gateway). This method is ideal for resetting an interface to a known, empty state before configuring specific settings.
ResetHostSettings() As Boolean
Clears all host settings (i.e. settings that don't take the interface number into account and that don't affect the specified network interface; e.g. the time server).
GetFailureReason() As String
Returns additional information when a member function returns false
.
GetCurrentConfig() As Object
Retrieves the entire current configuration as an associative array containing the following members:
Value | Type | Host/Interface | Description |
---|---|---|---|
metric | Integer | Interface | Returns the current routing metric for the interface. See the |
dhcp | Boolean | Interface | Returns |
hostname | String | Host | The currently configured host name |
mdns_hostname | String | Host | The Zeroconf host name currently in use. This may be longer than the host name if there is a collision on the current network. |
ethernet_mac | String | Interface | The Ethernet MAC address |
ip4_address | String | Interface | The current IPv4 address. If none is currently set, the string will be empty. |
ip4_netmask | String | Interface | The current IPv4 network mask. If none is currently set, the string will be empty. |
ip4_broadcast | String | Interface | The current IPv4 broadcast address. If none is currently set, the string will be empty. |
ip4_gateway | String | Interface | The current IPv4 gateway address. If none is currently set, the string will be empty. |
domain | String | Host | The current domain suffix |
dns_servers | roArray of Strings | Host | The currently active DNS servers |
time_server | String | Host | The current time server |
configured_proxy | String | Host | The currently configured proxy. This may contain magic characters as explained under |
current_proxy | String | Host | The currently active proxy. Any magic characters will have been replaced as explained under |
shape_inbound | Integer | Interface | The current bandwidth shaping for inbound traffic determined by the |
type | String | Interface | Either "wired" or "wifi" |
link | Boolean | Interface | Indicates whether the network interface is currently connected. |
wifi_essid | String | Interface | The name of the current Wi-Fi network (if any) |
wifi_signal | Integer | Interface | An indication of the received signal strength. The absolute value of this field is usually not meaningful, but it can be compared with the reported value on other networks or in different locations. |
TestInterface() As Object
Performs various tests on the network interface to determine whether it appears to be working correctly. It reports the results via an associative array containing the following members:
Value | Type | Description |
---|---|---|
ok | Boolean | This value is |
diagnosis | String | A single-line diagnosis of the first problem identified in the network interface. |
log | roArray of strings | A complete log of all the tests performed and their results. |
TestInternetConnectivity() As Object
Performs various tests on the Internet connection (via any available network interface, not necessarily the one specified when the roNetworkConfiguration object was created) to determine whether it appears to be working correctly. It reports the results via an associative array containing the following members:
Value | Type | Description |
---|---|---|
ok | Boolean | This value is |
diagnosis | String | A single line diagnosis of the first problem identified with the Internet connection. |
log | roArray of strings | A complete log of all the tests performed and their results. |
GetNeighborInformation() As roAssociativeArray
Retrieves location information from the network infrastructure using the LLDP-MED protocol. The information is returned as an associative array of strings corresponding to civic-address types, which are defined as follows according to the LLDP-MED specification:
CAtype | Label | Description |
---|---|---|
1 | A1 | national subdivisions (state, region, province, prefecture) |
2 | A2 | county, parish, gun(JP), district(IN) |
3 | A3 | city, township, shi(JP) |
4 | A4 | city division, borough, city district, ward, chou(JP) |
5 | A5 | neighborhood, block |
6 | A6 | street |
CAtype | NENA | PIDF | Description | Examples |
---|---|---|---|---|
0 | language | i-default [3] | ||
16 | PRD | PRD | leading street direction | N |
17 | POD | POD | trailing street suffix | SW |
18 | STS | STS | street suffix | Ave, Platz |
19 | HNO | HNO | house number | 123 |
20 | HNS | HNS | house number suffix | A, 1/2 |
21 | LMK | LMK | landmark or vanity address | Columbia University |
22 | LOC | LOC | additional location information | South Wing |
23 | NAM | NAM | name (residence and office occupant) | Joe's Barbershop |
24 | ZIP | PC | postal/ZIP code | 10027-1234 |
25 | building (structure) | Low Library | ||
26 | unit (apartment, suite) | Apt 42 | ||
27 | FLR | floor | 4 | |
28 | room number | 450F | ||
29 | placetype | office | ||
30 | PCN | postal community name | Leonia | |
31 | post office box (P.O Box) | 12345 | ||
32 | additional code | 13203000003 | ||
128 | script | Latn | ||
255 | reserved |
ifWiFiConfiguration
ScanWiFi() As roArray
Scans for available wireless networks. The results are reported as an roArray containing one or more associative arrays with the following members:
Value | Type | Description |
---|---|---|
essid | String | Network name |
bssid | String | Access point BSSID |
signal | Integer | Received signal strength indication. The absolute value of this field is not usually relevant, but it can be compared with the reported value on other networks or in different locations. |
Network Authentication
BrightSign players support most commonly used wireless encryption formats: WEP (64 & 128), WPA (TKIP), and WPA2 (AES).
WPA Enterprise is supported using EAP-TLS (with DER, PEM, or PKCS#12 certificates) and PEAPv0/MSCHAPv2 (with a username and passphrase). Wired authentication via 802.1x is also supported. The configuration instructions below apply to both WiFi and wired authentication via 802.1x; the only difference is the wired/wireless parameter (0/1) passed during roNetworkConfiguration initialization.
EAP-TLS
EAP-TLS authentication requires a client certificate and private key. There are two ways to accomplish this:
- Packaging the client certificate and private key in a single file in PKCS#12 format (using PEM or DER encoding), usually with a .p12 file extension. To do this, set the PKCS#12 file using the
SetWiFiPrivateKey()
method and pass a blank string to theSetWiFiClientCertificate()
method. - Packaging the client certificate as a X.509 certificate (using PEM or DER encoding) and optionally securing the key with a passphrase (instead of the usual WiFi passphrase). To do this, set the client certificate using the
SetWiFiClientCertificate()
method and the key using theSetWiFiPrivateKey()
method. If the key is protected with a passphrase, you should then callSetWiFiPassphrase()
.
Certificate keys may contain binary data if not PEM formatted. In this case, they must be provided as an roByteArray object. Text formats may be passed using a string or roByteArray.
nc = CreateObject("roNetworkConfiguration",1) p12 = CreateObject("roByteArray") p12.ReadFile("client.p12") nc.SetWiFiClientCertificate("") nc.SetWiFiPrivateKey(p12) nc.SetWiFiPassphrase("passwordgoeshere")
During authentication, the Radius server is passed an identity. By default, the identity will be taken from the client certificate. If the certificate has a "subjectAltName", it will be used; otherwise, the "CommonName" is used. If neither of these are correct, the identity may be overridden. This default behavior can be overridden by calling SetWiFiIdentity()
, or it can be specified by passing a blank string to SetWiFiIdentity()
.
PEAP/MSCHAP
This mode requires an identity (username) and passphrase, rather than a client certificate. There may also be a second, "outer", identity–see the Special Cases section below for configuration details.
nc = CreateObject("roNetworkConfiguration",1) nc.SetWiFiIdentity("user@brightsign-example.com") nc.SetWifiPassphrase("passwordgoeshere")
Common Variants
Additional Certificates
Additional CA certificates are often required (and using a custom CA for authentication is potentially more secure). Also, some CA hierarchies require intermediate certificates, which are sometimes supplied via EAP. If the server does not supply them, they may be added to the CA file using the SetWiFiCACertififcates()
method. This method supports PEM and DER certificates.
nc = CreateObject("roNetworkConfiguration",1) ca = CreateObject("roByteArray") ca.ReadFile("ca.pem") nc.SetWiFiCACertificates(ca)
Obfuscated WiFi Passphrase
If an obfuscated WiFi passphrase is required, you can substitute the SetObfuscatedWiFiPassphrase()
method for the SetWiFiPassphrase()
method. Contact support@brightsign.biz to learn more about generating a key for obfuscation and storing it on the player.
TKIP/CCMP Encryption
By default, both WPA (TKIP) and WPA2 (CCMP) encryption is permitted. You can alter this behavior using the SetSecurityMode()
method, which accepts a space-separated, case-insensitive list of allowed modes ("ccmp" and "tkip"). If both CCMP and TKIP are allowed, CCMP always has priority.
nc = CreateObject("roNetworkConfiguration",1) nc.SetWiFiSecurityMode("") 'Sets the default mode nc.SetWiFiSecurityMode("ccmp tkip") 'Explicitly allows both modes (same as the default mode) nc.SetWiFiSecurityMode("ccmp") 'Requires the use of CCMP
Special Cases
MD5 Support
MD5 support is enabled by default for backwards-compatibility reasons. This behavior can be modified by passing the "md5=enable" or "md5=disable" string to the SetWiFiEapTlsOptions()
method.
nc = CreateObject("roNetworkConfiguration",1) nc.SetWiFiEapTlsOptions("md5=disable")
Anonymous Identity
Some EAP-PEAP/MSCHAP configurations require an anonymous identity. By default, the BrightSign player uses the same inner and outer identity. An anonymous identity can be configured with the SetWiFiEaptTlsOptions()
method:
nc = CreateObject("roNetworkConfiguration",1) nc.SetWiFiEapTlsOptions("anonymous_identity=anon@brightsign.biz")
Tip
If neither MD5 or identity options are being used, the setting should be cleard by passing a blank string to the SetWiFiEaptTlsOptions()
method.
Validity Dates
Validity dates are required for both EAP-TLS and PEAP/MSCHAP. The current time is required to check the certificate. If the player clock has not been set, it will typically set its time using the network, but this requires EAP authentication first. To avoid this problem, there are two special exceptions:
- EAP-TLS: When the clock is not set, the time is set to ten seconds after the client certificate becomes valid, which is usually sufficient to authenticate (though this may not be sufficient for servers with newer certificates than the client).
- PEAP/MSCHAP: There is no client certificate, and the server certificate time is not checked when the date is not set.
The clock can also be set via the Diagnostic Web Server, which prevents either of the above exceptions from being used. Typically, the clock is also set from the network once it is available, so these exceptions are only used on first boot or when the clock battery has been completely emptied.
Examples
The following script disables WPA Enterprise configuration (which is otherwise persistent):
nc = CreateObject("roNetworkConfiguration", 1) nc.SetWiFiSecurityMode("") nc.SetWiFiESSID("") nc.SetWiFiIdentity("") nc.SetWiFiCaCertificates("") nc.SetWiFiClientCertificate("") nc.SetWiFiPrivateKey("") nc.SetWiFiPassphrase("") nc.SetWiFiEapTlsOptions("") ok = nc.Apply()
The following script configures the WiFi for EAP-TLS using a PKCS#12 (.p12) file, without additional CA certificates:
essid = "brightwifi" pkcs12file = "client.p12" pkcspass = "passwordgoeshere" nc = CreateObject("roNetworkConfiguration", 1) nc.SetWiFiESSID(essid) p12 = CreateObject("roByteArray") ok = p12.ReadFile(pkcs12file) if ok then nc.SetWiFiClientCertificate("") nc.SetWiFiPrivateKey(p12) nc.SetWiFiPassphrase(pkcspass) nc.SetWiFiCaCertificates("") nc.SetWiFiSecurityMode("") nc.SetWiFiIdentity("") nc.SetWiFiEapTlsOptions("") ok = nc.Apply() end if
The following script configures the WiFi for EAP-TLS with additional certificates:
essid = "brightwifi" cafile = "cacert.pem" pkcs12file = "client.p12" pkcspass = "passwordgoeshere" nc = CreateObject("roNetworkConfiguration", 1) nc.SetWiFiESSID(essid) p12 = CreateObject("roByteArray") ok = p12.ReadFile(pkcs12file) ca = CreateObject("roByteArray") ok = ca.ReadFile(cafile) and ok if ok then nc.SetWiFiClientCertificate("") nc.SetWiFiPrivateKey(p12) nc.SetWiFiPassphrase(pkcspass) nc.SetWiFiCaCertificates("") nc.SetWiFiSecurityMode("") nc.SetWiFiIdentity("") nc.SetWiFiEapTlsOptions("") ok = nc.Apply() end if
The following script configures the WiFi for PEAP/MSCHAP with additional CA files:
essid = "brightwifi" cafile = "ca.pem" user = "someuser@brightsign.biz" pass = "whatever" ca = CreateObject("roByteArray") ok = ca.ReadFile(cafile) if ok then nc = CreateObject("roNetworkConfiguration", 1) nc.SetWiFiESSID(essid) nc.SetWiFiIdentity(user) nc.SetWiFiPassphrase(pass) nc.SetWiFiCaCertificates(ca) nc.SetWiFiClientCertificate("") nc.SetWiFiPrivateKey("") 'Use this if an anonymous outer identity is required 'nc.SetWiFiEapTlsOptions("anonymous_identity=anon@brightsign.biz") nc.SetWiFiEapTlsOptions("") ok = nc.Apply() if not ok then fail = "Unable to set configuration: " + nc.GetFailureReason() end if else fail = "Unable to read file " + cafile end if ' if not ok, do something with the failure message
The following script performs various VLAN configurations on the Ethernet interface:
' Configure the VLANs first. Use defaults for VLAN6 n6=CreateObject("roNetworkConfiguration", "eth0.6") print n6.ResetInterfaceSettings() print n6.Apply() ' Use defaults for VLAN11 n11=CreateObject("roNetworkConfiguration", "eth0.11") print n11.ResetInterfaceSettings() print n11.Apply() ' Use static IP for VLAN15 n15=CreateObject("roNetworkConfiguration", "eth0.15") print n15.SetIP4Address("192.168.15.100") print n15.SetIP4Netmask("255.255.255.0") print n15.Apply() ' Now enable VLANs 6, 11 and 15 on eth0. n0=CreateObject("roNetworkConfiguration", "eth0") print n0.SetVlanIds([6, 11, 15]) print n0.Apply()