roNetworkConfiguration

72 min

this object provides various methods for configuring the network interfaces on a brightsign player the javascript equivalent is docid 6ms7rdjwwhp21clmedrwv (see docid 2kewwxlmpycwu8tffuf2z for the method equivalents) object creation the ronetworkconfiguration object is created with a single parameter createobject("ronetworkconfiguration", network interface as dynamic) the network interface parameter can be any of the following 0 or "eth0" the ethernet port on the brightsign player 1 or "wlan0" the internal wifi 2 or "ppp0" a connected modem "usb0" , "usb1" , etc usb ethernet interfaces if the network interface is specified as an integer, the interface must currently exist on the player; otherwise, the object creation function will return invalid conversely, specifying the network interface as a string allows you to create a ronetworkconfiguration instance for an interface that is not currently present on the player the network interface can be configured as a vlan using the following string format "\[parent interface] \[vlan id]" (e g "eth0 42" ) once the vlan interface(s) are configured, they must be enabled on the parent network interface (e g "eth0") using the setvlanids() method vlan interfaces use dhcp by default they are supported on series 4 (xtx44, xdx34, hdx24, ls424) and series 3 (xtx43, xdx33, hdx23, ls423, ho523) players only also see docid 0jdtagrv4albwlyfjnj45 example n6 = createobject("ronetworkconfiguration", "eth0 6") some of the settings below are specific to the network interface, while others are used by the brightsign host for all network interfaces ifnetworkconfiguration apply() as boolean applies the requested changes to the network interface this method returns false if the changes could not be applied to the network interface, though changes made using "set" and "reset" methods will be preserved through future reboots even if apply() fails configuration may take several seconds to complete "set" and "reset" methods do not take effect until apply() is called setupdws(settings as roassociativearray) as boolean configures the diagnostic web server (dws) this method returns true if a restart is required for the changes to take effect it will return false if a restart is not required or if the method failed–the getfailurereason() method returns a non empty string in event of failure the local dws (ldws) is disabled by default in bos 9 0 218 on the 9 0 branch, and in bos 9 1 75 on the 9 1 branch the local dws (ldws) is disabled by default in bos 9 0 218 on the 9 0 branch, and in bos 9 1 75 on the 9 1 branch to enable the ldws, see to enable the ldws, see access the local dws on previous bos versions, the ldws is enabled by default on port 80, with the player serial number as password settings for the ld ws are specified in an associative array these properties are written to the registry and persist after reboot ws are specified in an associative array these properties are written to the registry and persist after reboot port the port number of the ldws, located at the ip address of the player setting this value to 0 will disable the ldws, while setting it to "default" will make the ldws accessible on the default port (80) password an obfuscated password for the ldws this method uses digest access authentication specifying this parameter without setting a port number will make the ldws accessible on the default port open an unobfuscated password for the ldws this method uses digest access authentication the default port is 80 specifying this parameter without setting a port number will make the ldws accessible on the default port specifying this parameter in the associative array with an empty string is equivalent to enabling the ldws without password protection basic a flag indicating whether basic authentication should be used or not setting this parameter to true allows the password set with the open parameter to be validated using basic authentication, rather than digest access authentication this option allows for backwards compatibility with older platforms; most, if not all, modern browsers require basic authentication to be disabled in order to communicate with the ldws the user name is "admin" for all authentication configurations enableleds(enable as boolean) as boolean enables or disables the ethernet activity led (i e flashing during link and activity behavior) the ethernet led is enabled by default changes to this setting do not persist across reboots this method returns true upon success and false upon failure note that this method is not available on hdx10, hdx20, and lsx22 models setclientidentifier(a as string) as boolean sets the dhcp client identifier getclientidentifier() as string returns the dhcp client identifier setloginpassword(password as string) as boolean specifies a login password for the ssh connection (if ssh has been enabled in the registry) this method accepts a plain text password when a recent ssh client attempts to connect to the sshd on a brightsign player, the connection must specify the host key algorithms to try, otherwise the player will not find a compatible algorithm “ssh o hostkeyalgorithms=ssh rsa,ssh dss brightsign\@172 22 200 74” offers a list of possible host keys setobfuscatedloginpassword(password as string) as boolean specifies a login password for the ssh connection (if ssh has been enabled in the registry) this method accepts a password that has been obfuscated using a shared secret contact mailto\ support\@brightsign biz to learn more about generating a key for obfuscation and storing it on the player flushdnscache() flushes the player's dns cache this method is available in brightsign os 8 3 32 and later releases note that certain objects (such as rourltransfer) may continue to use the old results for a short period of time after the os 8 3 32 release to use this method nc = createobject("ronetworkconfiguration", 0) if not nc flushdnscache() then print "flush dns cache failed "; nc getfailurereason() end if setinboundshaperrate(rate as integer) as boolean sets the bandwidth limit for inbound traffic in bits per second for the default bandwidth limit, pass 1 to the method; for no bandwidth limit, pass 0 (though these two settings are functionally the same) you will need to call apply() for this setting to take effect, and changing this setting at any time will cause the network interface to be taken down and reinitialized setmtu(mtu as integer) as boolean sets the maximum transmission unit (mtu) for the network interface in bytes currently, the mtu setting is not returned when the getcurrentconfig() method is called setroutingmetric(a as integer) as boolean configures the metric for the default gateway on the current network interface routes with lower metrics are preferred over routes with higher metrics this function returns true upon success setdhcp() as boolean (interface) enables dhcp and disables all other settings this function returns true if successful resetsshhostkeys() as boolean erases all the ssh server host keys if the method returns true then a reboot is required for the server to start using the new keys if the method returns false then call getfailurereason() if that returns an empty string then the call was successful and no reboot is required for the new keys to take effect if getfailurereason() returns a non empty string then the call failed setenabledprotocols(protocols as roarray) as boolean enables or disables ipv4/ipv6 support on a network interface by default, both protocol versions are supported, and the local network configuration determines which version the interface uses this method allows you to restrict support to one ip version the array passed to this method can have the following string values "ipv4" or "ipv6" if the array contains both values, both protocols are supported; if it contains neither, the network interface will come up but not provide connectivity this method returns true on success and false on failure; use the getfailurereason() method to return more information in case of failure example ' disable ipv6 and leave ipv4 enabled n1=createobject("ronetworkconfiguration", 1) print n1 setenabledprotocols(\["ipv4"]) print n1 apply() getenabledprotocols() as roarray returns enabled ip versions on the interface the array can contain the "ipv4" and "ipv6" string values setip4address(ip as string) as boolean (interface) setip4netmask(netmask as string) as boolean (interface) setip4broadcast(broadcast as string) as boolean (interface) setip4gateway(gateway as string) as boolean (interface) sets the ipv4 interface configuration all values must be specified explicitly unlike the ifconfig shell command, there is no automatic inference the parameter is a string dotted decimal quad (i e "192 168 1 2" or similar) it returns true upon success example nc = createobject("ronetworkconfiguration",0) nc setip4address("192 168 1 42") nc setip4netmask("255 255 255 0") nc setip4broadcast("192 168 1 255") nc setip4gateway("192 168 1 1") setvlanids(vlan ids as roarray) as boolean enables the specified vlan ids (and only those ids) on the network interface (the vlan interfaces must be configured first) this method accepts an array of integers the physical interface ( eth0 in the example) is disabled by default when vlans are enabled to use both the physical interface (that is, without vlan tags) and vlans, users should specify a vlan id of zero in the array when calling setvlanids example ' configure the vlans first use defaults for vlan6 n6=createobject("ronetworkconfiguration", "eth0 6") print n6 resetinterfacesettings() print n6 apply() ' use defaults for vlan11 n11=createobject("ronetworkconfiguration", "eth0 11") print n11 resetinterfacesettings() print n11 apply() ' use static ip for vlan15 n15=createobject("ronetworkconfiguration", "eth0 15") print n15 setip4address("192 168 15 100") print n15 setip4netmask("255 255 255 0") print n15 apply() ' now enable vlans 6, 11 and 15 on eth0 n0=createobject("ronetworkconfiguration", "eth0") print n0 setvlanids(\[6, 11, 15]) print n0 apply() vlan configuration is persistent, even when vlan is not enabled if you use the setvlanids() method to remove and then add vlan ids, they will return with the previous configuration by default you can use the resetinterfacesettings() method to remove any previous configuration setwifiessid(essid as string) as boolean configures the wifi essid of the wireless network that the player will connect to this method returns true on success getwifiessid() as string retrieves the configured wifi essid, even if the player is not currently connected to that wireless network use the getcurrentconfig() wifi essid value to retrieve the essid of the wireless network that the player is currently connected to setwifipassphrase(passphrase as string) as boolean configures the passphrase or key for the wireless network this method accepts a plain text passphrase it returns true if the passphrase is successfully set setwifipassphraseandobfuscate(a as string) as string configures the passphrase or key for the wireless network this method accepts a plain text passphrase and returns the obfuscated result if the passphrase is not set, an empty string is returned instead setobfuscatedwifipassphrase(password as string) as boolean configures the passphrase or key for the wireless network this method accepts a passphrase that has been obfuscated using a shared secret it returns true if the password is successfully set contact mailto\ support\@brightsign biz to learn more about generating a key for obfuscation and storing it on the player setwififrequencies(frequencies as string) as boolean sets valid wifi frequencies to specified range supports 2ghz, 5ghz, or list of frequencies written in mhz("2412 2417") it returns true if the frequency is successfully set setwifiaccesspointmode(enable as boolean) as boolean enables or disables wifi access point mode passing true to this method instructs the player to act as a wireless access point, which uses the essid and passphrase set with the setwifiessid() and setwifipassphrase() (or setobfuscatedwifipassphrase() ) methods if a passphrase has been set, the wireless access point will use wpa2 authentication–otherwise, it will use no authentication this method returns true on success and false on failure; use the getfailurereason() method to return more information in case of failure wifi access point mode should be used for configuration only it offers a minimal dhcp server, but does not provide dns servers or routing to the ethernet we recommend assigning a static ip address to the wireless interface, though this is not enforced by the firmware setwifiaccesspointhidden(bool hidden) if hidden is true, the ssid is hidden, if false then it is visible the default is non hidden, which was the previous behavior wifi access point mode is not available on series 2 (4kx42, xdx32, hdx22) or earlier models setwifiaccesspointfrequencymhz(frequency as integer) as boolean sets the https //en wikipedia org/wiki/list of wlan channels of the wireless access point (in mhz) this method returns true on success and false on failure; use the getfailurereason() method to return more information in case of failure the following setwifi methods are used to configure wpa enterprise with eap tls setwifiidentity(identity as string) as boolean sets the radius identity in eap tls mode, the identity will be taken from the client certificate if this method is not called ("subjectaltname" will be used if present; otherwise, the "commonname" is used) in eap peap/mschap mode, this method must be called to set the identity setwifieaptlsoptions(options as string) as boolean sets eap specific options currently, this method can be used to enable or disable md5 support ("md5=enable" or "md5=disable") and to set an anonymous identity for eap peap/mschap configurations ("anonymous identity=anon\@brightsign biz") multiple parameters can be set with a space separated list to clear previous settings, pass an empty string to this method setwificacertificates(certificates as dynamic) as boolean sets the ca certificate file for eap tls (certificates can also be sent from an eap peer) the certificate data can be specified as an robytearray of base64 data (for cer , pfx , or p12 file formats) or an rostring (for the pem file format ) the supported binary formats are asn 1 der (for seperate certificates and keys) and pkcs#12 (for a single file that may contain both certificates and keys) the supported text format is pem setwificlientcertificate(certificate as dynamic) as boolean sets the client certificate for eap tls the certificate data can be specified as an robytearray of base64 data or an rostring setwifiprivatekey(key as dynamic) as boolean sets the private key for authentication the certificate data can be specified as an robytearray of base64 data or an rostring if the private key is password protected, use the setwifipassphrase() method to set the password if the client certificate and associated private key are in the same pkcs#12 file, the file contents should be specified using the setwifiprivatekey() method and the setwificlientcertificate() value should be left empty setwifisecuritymode(mode as string) as boolean sets the wifi encryption method by default, both wpa (tkip) and wpa2 (ccmp) encryption are permitted this method accepts a space separated, case insensitive list that can include either "tkip" or "ccmp" values passing an empty string sets the default mode if both ccmp and tkip are allowed, ccmp always has priority configuredhcpserver(config as roassociativearray) as boolean configures a dhcp server on the ethernet port or wireless access point this method accepts an associative array with the following parameters ip4 start string string required required the beginning of the range of offered ip addresses ip4 end string string required required the end of the range of offered ip addresses name servers roarray roarray an array of strings containing the ipv4 addresses of name servers (ipv6 addresses are not currently supported) domain string string the domain suffix to be used by clients ip4 gateway string string the ipv4 address of the gateway to be used by clients to disable the dhcp server, pass an empty associative array ( {} ) to this method this method returns true on success and false on failure; use the getfailurereason() method to return information in case of failure dhcp lease information can be viewed by accessing either of the following ip addresses using a web browser on the local network http //\<brightsign ip>/dhcp server html or http //\<brightsign ip>/dhcp server txt setforwardingpolicy(parameters as roassociativearray) as boolean configures the host wide forwarding policy (this method applies to all network interfaces, no matter which ronetworkconfiguration instance it is called on) the return value is true on success or false on failure this method accepts an associative array with the following parameters forwarding enabled boolean boolean (required) a flag that enables or disables ip forwarding forwarding enabled must be specified as either true or false if forwarding enabled is false , no ip forwarding takes place this is the default and matches previous behavior nat enabled boolean boolean (required) a flag that enables or disables address translation with ip forwarding if forwarding enabled is true , nat enabled must be specified as true or false if forwarding enabled is true and nat enabled is false , ip datagrams are forwarded between all interfaces and no address translation is done if forwarding enabled is true and nat enabled is true , ip datagrams are forwarded between all interfaces but snat is applied to any datagrams which are sent out of an "upstream" interface for this purpose, an "upstream" interface is any one on which a default route is set note that there can be more than one such interface datagrams which are destined for an interface that has no default route are forwarded without nat note that the forwarding policy is a host wide setting and it makes no difference which interface was selected when the ronetworkconfiguration object was created setdomain(domain as string) as boolean (host) sets the device domain name this will be appended to names to fully qualify them, though it is not necessary to call this this method returns true on success example nc setdomain("brightsign biz") setdnsservers(servers as roarray) as boolean (host) sets the list of dns servers if there were no dns servers when the object was created this method accepts an array of strings, each containing the dotted quad ip address of a dns server, and it returns true on success there is currently a maximum of three servers; the method will return false if you attempt to add more than three servers to clear the list of dns servers, call setdnsservers(\[]) adddnsserver(server as string) as boolean (host) adds another dns server to the list if there were no dns servers when the object was created this method accepts the dotted quad ip address of a dns server as a string, and it returns true on success there is currently a maximum of three servers; the method will return false if you attempt to add more than three servers settimeserver(time server as string) as boolean (host) sets the default time server, which is "time brightsignnetwork com" you can disable the use of ntp by calling settimeserver("") you can use url syntax to specify that the player use an http or https server to synchronize the clock the following are valid time server addresses http //time brightsignnetwork com/ https //time brightsignnetwork com/ ntp\ //time brightsignnetwork com/ time brightsignnetwork com the last two addresses are equivalent gettimeserver() as string retrieves the (host) time server currently in use settimeserverintervalseconds(interval in seconds as integer) as boolean specifies how often the player should communicate with the time server and adjust its clock the default interval is 12 hours; passing a value of 0 specifies the default interval the minimum interval allowed is 120 seconds gettimeserverintervalseconds() as integer returns the current interval for time server renewal (in seconds) sethostname(name as string) as boolean (host) sets the device host name if no host name has been explicitly set, then a host name is automatically generated based on the device serial number passing an empty string to this method resets the device host name to its automatically generated value gethostname() as string (host) retrieves the host name currently in use setproxy(proxy as string) as boolean (host) sets the name or address of the proxy server used for http and ftp requests the proxy string should be formatted as "http //user\ password\@hostname\ port" the hostname can contain up to four " " characters; each " " character can be used to replace one octet from the current ip address for example, if the ip address is currently 192 168 1 2, and the proxy is set to "proxy ", then the player will attempt to use a proxy named "proxy 192 168" the following characters must be percent encoded for the user name and password spc %20 " %22 # %23 % %25 / %2f < %3c > %3e ? %3f @ %40 \[ %5b \ %5c ] %5d ^ %5e ` %60 { %7b | %7c } %7d getproxy() as string (host) returns the name or address of the proxy server setproxybypass(hostnames as array) as boolean exempts the specified hosts from the proxy setting the passed array should consist of one or more hostnames the player will attempt to reach the specified hosts directly rather than using the proxy that has been specified with the setproxy() method for example, the hostname "http //example com " would exempt "http //example com ", "http //example com 80 ", and "http //www example com " from the proxy setting getproxybypass() as roarray returns an array of hostnames that have been exempted from the proxy setting using the setproxybypass() method getrecoveryurl() as string returns the current recovery url, which is stored in the "ru" entry of the "networking" docid\ ffm73tjd bthw4 p 0jvg if the recovery url is set via dhcp option 43, it will take precedence over the "ru" registry entry resetinterfacesettings() as boolean clears all interface specific settings (e g ip address, default gateway) this method is ideal for resetting an interface to a known, empty state before configuring specific settings resethostsettings() as boolean clears all host settings (i e settings that don't take the interface number into account and that don't affect the specified network interface; e g the time server) getfailurereason() as string returns additional information when a member function returns false getcurrentconfig() as object retrieves the entire current configuration as an associative array containing the following members value type host/interface description metric integer interface returns the current routing metric for the interface see the setroutingmetric() entry for more details dhcp boolean interface returns true if the system is currently configured to use dhcp returns false otherwise hostname string host the currently configured host name mdns hostname string host the zeroconf host name currently in use this may be longer than the host name if there is a collision on the current network ethernet mac string interface the ethernet mac address ip4 address string interface the current ipv4 address if none is currently set, the string will be empty ip4 netmask string interface the current ipv4 network mask if none is currently set, the string will be empty ip4 broadcast string interface the current ipv4 broadcast address if none is currently set, the string will be empty ip4 gateway string interface the current ipv4 gateway address if none is currently set, the string will be empty domain string host a whitespace separated list of domains that will be appended to unqualified names when resolving them domains roarray of strings host the domains that will be appended to uniqualified names when resolving name dns servers roarray of strings host the currently active dns servers time server string host the current time server configured proxy string host the currently configured proxy this may contain magic characters as explained under setproxy() above current proxy string host the currently active proxy any magic characters will have been replaced as explained under setproxy() above shape inbound integer interface the current bandwidth shaping for inbound traffic determined by the setinboundshaperrate() method type string interface either "wired" or "wifi" link boolean interface indicates whether the network interface is currently connected wifi essid string interface the name of the current wi fi network (if any) wifi signal integer interface an indication of the received signal strength the absolute value of this field is usually not meaningful, but it can be compared with the reported value on other networks or in different locations testinterface() as object performs various tests on the network interface to determine whether it appears to be working correctly it reports the results via an associative array containing the following members value type description ok boolean this value is true if the tests find no problems, or false if at least one problem was identified diagnosis string a single line diagnosis of the first problem identified in the network interface log roarray of strings a complete log of all the tests performed and their results testinternetconnectivity() as object performs various tests on the internet connection (via any available network interface, not necessarily the one specified when the ronetworkconfiguration object was created) to determine whether it appears to be working correctly it reports the results via an associative array containing the following members value type description ok boolean this value is true if the tests find no problems, or false if at least one problem was identified diagnosis string a single line diagnosis of the first problem identified with the internet connection log roarray of strings a complete log of all the tests performed and their results getneighborinformation() as roassociativearray retrieves location information from the network infrastructure using the lldp med protocol the information is returned as an associative array of strings corresponding to civic address types, which are defined as follows according to the lldp med specification catype label description 1 a1 national subdivisions (state, region, province, prefecture) 2 a2 county, parish, gun(jp), district(in) 3 a3 city, township, shi(jp) 4 a4 city division, borough, city district, ward, chou(jp) 5 a5 neighborhood, block 6 a6 street catype nena pidf description examples 0 language i default \[3] 16 prd prd leading street direction n 17 pod pod trailing street suffix sw 18 sts sts street suffix ave, platz 19 hno hno house number 123 20 hns hns house number suffix a, 1/2 21 lmk lmk landmark or vanity address columbia university 22 loc loc additional location information south wing 23 nam nam name (residence and office occupant) joe's barbershop 24 zip pc postal/zip code 10027 1234 25 building (structure) low library 26 unit (apartment, suite) apt 42 27 flr floor 4 28 room number 450f 29 placetype office 30 pcn postal community name leonia 31 post office box (p o box) 12345 32 additional code 13203000003 128 script latn 255 reserved setdialupinitstring(cmds as string) as boolean specify the initialisation string, if any, required to configure the installed cellular modem for data operation typically this would be of the form at+cgdcont=1,"ip","myapn" where myapn is the apn string specified by the network operator consult your modem vendor and network operator for further guidance setdialupnumber(number as string) as boolean specify the telephone number that must be “dialled” to establish a data connection over the cellular interface, typically 99# consult your modem vendor for further guidance setdialupuser(user as string) as boolean setdialuppassword(password as string) as boolean specify the pap/chap credentials, if any, required to establish a cellular data connection in most cases these are not needed consult your network operator for guidance ifwificonfiguration scanwifi() as roarray scans for available wireless networks the results are reported as an roarray containing one or more associative arrays with the following members value type description essid string network name bssid string access point bssid signal integer received signal strength indication the absolute value of this field is not usually relevant, but it can be compared with the reported value on other networks or in different locations scanwifi may fail if a previous scan has not completed, or a background scan is in progress this potential failure should be handled in the script, and the script should retry scanwifi if it does fail reassociatewifi(enable as boolean) as boolean this method takes no parameters and attempts to disconnect from and reconnect to the currently configured wifi network this should not normally be necessary, but could be useful when diagnosing network problems returns true on success or false on failure when false is returned calling getfailurereason() may provide more information as to why this method is present in bos 8 4 20 and above, bos 8 5 26 and above, and in all bos 9 0 versions note that this function may return before the network has been reconnected use ronetworkhotplug to determine when reconnection is complete network authentication brightsign players support most commonly used wireless encryption formats wep (64 & 128), wpa (tkip), and wpa2 (aes) wpa enterprise is supported using eap tls (with der, pem, or pkcs#12 certificates) and peapv0/mschapv2 (with a username and passphrase) wired authentication via 802 1x is also supported the configuration instructions below apply to both wifi and wired authentication via 802 1x; the only difference is the wired/wireless parameter (0/1) passed during ronetworkconfiguration initialization eap tls eap tls authentication requires a client certificate and private key there are two ways to accomplish this packaging the client certificate and private key in a single file in pkcs#12 format (using pem or der encoding), usually with a p12 file extension to do this, set the pkcs#12 file using the setwifiprivatekey() method and pass a blank string to the setwificlientcertificate() method packaging the client certificate as a x 509 certificate (using pem or der encoding) and optionally securing the key with a passphrase (instead of the usual wifi passphrase) to do this, set the client certificate using the setwificlientcertificate() method and the key using the setwifiprivatekey() method if the key is protected with a passphrase, you should then call setwifipassphrase() certificate keys may contain binary data if not pem formatted in this case, they must be provided as an robytearray object text formats may be passed using a string or robytearray example setting eap tls with a p12 file nc = createobject("ronetworkconfiguration",1) p12 = createobject("robytearray") p12 readfile("client p12") nc setwificlientcertificate("") nc setwifiprivatekey(p12) nc setwifipassphrase("passwordgoeshere") during authentication, the radius server is passed an identity by default, the identity will be taken from the client certificate if the certificate has a "subjectaltname", it will be used; otherwise, the "commonname" is used if neither of these are correct, the identity may be overridden this default behavior can be overridden by calling setwifiidentity() , or it can be specified by passing a blank string to setwifiidentity() peap/mschap this mode requires an identity (username) and passphrase, rather than a client certificate there may also be a second, "outer", identity–see the special cases section below for configuration details nc = createobject("ronetworkconfiguration",1) nc setwifiidentity("user\@brightsign example com") nc setwifipassphrase("passwordgoeshere") common variants additional certificates additional ca certificates are often required when using a private or internal ca for authentication also, some ca hierarchies require intermediate certificates, which are sometimes supplied via eap if the server does not supply them, they may be added to the ca file using the setwificacertififcates() method this method supports pem certificates if a ca is not supplied, no peer verification will be done and an unvalidated authentication/connection will occur nc = createobject("ronetworkconfiguration",1) ca = createobject("robytearray") ca readfile("ca pem") nc setwificacertificates(ca) obfuscated wifi passphrase if an obfuscated wifi passphrase is required, you can substitute the setobfuscatedwifipassphrase() method for the setwifipassphrase() method contact mailto\ support\@brightsign biz to learn more about generating a key for obfuscation and storing it on the player tkip/ccmp encryption by default, both wpa (tkip) and wpa2 (ccmp) encryption is permitted you can alter this behavior using the setsecuritymode() method, which accepts a space separated, case insensitive list of allowed modes ("ccmp" and "tkip") if both ccmp and tkip are allowed, ccmp always has priority nc = createobject("ronetworkconfiguration",1) nc setwifisecuritymode("") 'sets the default mode nc setwifisecuritymode("ccmp tkip") 'explicitly allows both modes (same as the default mode) nc setwifisecuritymode("ccmp") 'requires the use of ccmp special cases md5 support md5 support is enabled by default for backwards compatibility reasons this behavior can be modified by passing the "md5=enable" or "md5=disable" string to the setwifieaptlsoptions() method nc = createobject("ronetworkconfiguration",1) nc setwifieaptlsoptions("md5=disable") anonymous identity some eap peap/mschap configurations require an anonymous identity by default, the brightsign player uses the same inner and outer identity an anonymous identity can be configured with the setwifieapttlsoptions() method nc = createobject("ronetworkconfiguration",1) nc setwifieaptlsoptions("anonymous identity=anon\@brightsign biz") if neither md5 or identity options are being used, the setting should be cleard by passing a blank string to the setwifieapttlsoptions() method validity dates validity dates are required for both eap tls and peap/mschap the current time is required to check the certificate if the player clock has not been set, it will typically set its time using the network, but this requires eap authentication first to avoid this problem, there are two special exceptions eap tls when the clock is not set, the time is set to ten seconds after the client certificate becomes valid, which is usually sufficient to authenticate (though this may not be sufficient for servers with newer certificates than the client) peap/mschap there is no client certificate, and the server certificate time is not checked when the date is not set the clock can also be set via the docid\ qxt4yhey7iej m9dh73wm , which prevents either of the above exceptions from being used typically, the clock is also set from the network once it is available, so these exceptions are only used on first boot or when the clock battery has been completely emptied examples the following script disables wpa enterprise configuration (which is otherwise persistent) nc = createobject("ronetworkconfiguration", 1) nc setwifisecuritymode("") nc setwifiessid("") nc setwifiidentity("") nc setwificacertificates("") nc setwificlientcertificate("") nc setwifiprivatekey("") nc setwifipassphrase("") nc setwifieaptlsoptions("") ok = nc apply() the following script configures the wifi for eap tls using a pkcs#12 ( p12 ) file, without additional ca certificates essid = "brightwifi" pkcs12file = "client p12" pkcspass = "passwordgoeshere" nc = createobject("ronetworkconfiguration", 1) nc setwifiessid(essid) p12 = createobject("robytearray") ok = p12 readfile(pkcs12file) if ok then nc setwificlientcertificate("") nc setwifiprivatekey(p12) nc setwifipassphrase(pkcspass) nc setwificacertificates("") nc setwifisecuritymode("") nc setwifiidentity("") nc setwifieaptlsoptions("") ok = nc apply() end if the following script configures the wifi for eap tls with additional certificates essid = "brightwifi" cafile = "cacert pem" pkcs12file = "client p12" pkcspass = "passwordgoeshere" nc = createobject("ronetworkconfiguration", 1) nc setwifiessid(essid) p12 = createobject("robytearray") ok = p12 readfile(pkcs12file) ca = createobject("robytearray") ok = ca readfile(cafile) and ok if ok then nc setwificlientcertificate("") nc setwifiprivatekey(p12) nc setwifipassphrase(pkcspass) nc setwificacertificates("") nc setwifisecuritymode("") nc setwifiidentity("") nc setwifieaptlsoptions("") ok = nc apply() end if the following script configures the wifi for peap/mschap with additional ca files essid = "brightwifi" cafile = "ca pem" user = "someuser\@brightsign biz" pass = "whatever" ca = createobject("robytearray") ok = ca readfile(cafile) if ok then nc = createobject("ronetworkconfiguration", 1) nc setwifiessid(essid) nc setwifiidentity(user) nc setwifipassphrase(pass) nc setwificacertificates(ca) nc setwificlientcertificate("") nc setwifiprivatekey("") 'use this if an anonymous outer identity is required 'nc setwifieaptlsoptions("anonymous identity=anon\@brightsign biz") nc setwifieaptlsoptions("") ok = nc apply() if not ok then fail = "unable to set configuration " + nc getfailurereason() end if else fail = "unable to read file " + cafile end if ' if not ok, do something with the failure message the following script performs various vlan configurations on the ethernet interface ' configure the vlans first use defaults for vlan6 n6=createobject("ronetworkconfiguration", "eth0 6") print n6 resetinterfacesettings() print n6 apply() ' use defaults for vlan11 n11=createobject("ronetworkconfiguration", "eth0 11") print n11 resetinterfacesettings() print n11 apply() ' use static ip for vlan15 n15=createobject("ronetworkconfiguration", "eth0 15") print n15 setip4address("192 168 15 100") print n15 setip4netmask("255 255 255 0") print n15 apply() ' now enable vlans 6, 11 and 15 on eth0 n0=createobject("ronetworkconfiguration", "eth0") print n0 setvlanids(\[6, 11, 15]) print n0 apply()