Additional Wi-Fi settings

When providing your network credentials in the network.json file, you can also include additional fields in the file to adjust the network authentication protocols or even provide multiple networks' details.

Note

Configuring additional network settings using the network.json is supported on Gateway Plus starting with firmware version 2.13.0.

Wi-Fi fields

The main field that contains the list of Wi-Fi credentials and settings is wifi_auth and can contain the following fields:

Field	Type	Description	Required	Default	Values
`ssid`	String	The SSID of the access point, i.e. the network's name.	Required		The SSID can have maximum 32 characters.
`visibility`	String	Whether the network is visible or hidden.	Optional	`ACCESS_POINT_VISIBILITY_VISIBLE`	`ACCESS_POINT_VISIBILITY_VISIBLE` `ACCESS_POINT_VISIBILITY_HIDDEN`
`priority`	Integer	Auto-connect priority. Networks with higher priority will be connected to first.	Optional	0	For connections with identical values, the behavior is undefined and left up to the network manager.
`wifi_auth`	Object	The authentication method used.	Required		`wpa_psk` `wpa_eap`
`interface_settings`	Object	IP settings for the specific interface	Optional		See below for Interface settings.

WPA Personal

If you are using the WPA Personal authentication method, in the network.json file, add wpa_psk holding the psk (pre-shared key) field and put your network's password as value.

Example 34. Example

{
  "wifi": {
		"wifi_auth": [
			{
				"ssid": "Your SSID",
				"visibility": "ACCESS_POINT_VISIBILITY_VISIBLE",
				"priority": 10,
				"wpa_psk": {
					"psk": "p4$$w0rD"
				}
			}
		]
  }
}

WPA Enterprise (EAP)

If you are using the WPA Enterprise authentication method, in the network.json file, add the wpa_eap field that can hold the following fields and values:

Field	Description	Type	Required	Value
`anonymous_identity`	The anonymous identity used to talk to the proper RADIUS server.	String	Optional	The identity value can have 0-128 characters.
`domain`	The domain / realm of the RADIUS server.	String	Optional	The domain value can have 0-128 characters.
`ca_cert_path`	The path to a CA root certificate used to authenticate the RADIUS server.	String	Optional	A relative path in the archive to the PEM certificate.
EAP Authentication	The type of WPA-Enterprise authentication.	Object	Required	`eap_tls` `peap` `eap_ttls`

Example 35. Example

{
  "wifi": {
	"wifi_auth": [
	    {
		"ssid": "Your SSID",
		"visibility": "ACCESS_POINT_VISIBILITY_VISIBLE",
		"priority": 20,
		"wpa_eap": {
	            "anonymous_identity": "anonymous",
		    "domain": "",
		    "ca_cert_path": "ca_cert.pem",
		    "peap": {
			"identity": "John Doe",
			"password": "p4$$w0rD",
			"inner_auth": "PEAP_INNER_AUTH_MSCHAPV2"
		    }
		}
    	    }
        ]
    }
}

EAP-TLS

If you are using the EAP-TLS authentication method, in the network.json file, add the eap_tls field that can hold the following fields and values:

Field	Description	Type	Required	Value
`identity`	The identity (username) stored in the RADIUS server database to authenticate the client.	String	Required	The identity value must have 1-128 characters.
`user_cert_path`	The path to the user's public certificate.	String	Required	The relative path in the archive to the PEM certificate
`private_key_path`	The path to the user's private key.	String	Required	The relative path in the archive to the PEM certificate
`private_key_password`	The private key password used to open it.	String	Optional

Example 36. Example

{
  "wifi": {
    "wifi_auth": [
	   {
	        "ssid": "Your SSID",
		"visibility": "ACCESS_POINT_VISIBILITY_VISIBLE",
		"priority": 20,
		"wpa_eap": {
		    "anonymous_identity": "anonymous",
		    "domain": "",
		    "ca_cert_path": "ca_cert.pem",
		    "eap_tls": {
		        "identity": "John Doe",
			"user_cert_path": "cert_tls.pem",
			"private_key_path": "key_tls.pem",
			"private_key_password": "p4$$w0rD"
		    }
		}
	    }
	]
    }
}

EAP-TTLS

If you are using the EAP-TTLS authentication method, in the network.json file, add the eap_ttls field that can hold the following fields and values:

Field	Description	Type	Required	Value
`identity`	The identity (username) stored in the RADIUS server database to authenticate the client.	String	Required	The identity must have 1-128 characters.
`password`	The password associated with the identity.	String	Required
`inner_auth`	The inner authentication.	String	Required	`EAP_TTLS_INNER_AUTH_PAP` `EAP_TTLS_INNER_AUTH_MSCHAPV2` `EAP_TTLS_INNER_AUTH_MSCHAPV2_NO_EAP` `EAP_TTLS_INNER_AUTH_CHAP` `EAP_TTLS_INNER_AUTH_MD5` `EAP_TTLS_INNER_AUTH_GTC`

Example 37. Example

{
  "wifi": {
		"wifi_auth": [
			{
				"ssid": "Your SSID",
				"visibility": "ACCESS_POINT_VISIBILITY_VISIBLE",
				"priority": 20,
				"wpa_eap": {
					"anonymous_identity": "anonymous",
					"domain": "",
					"ca_cert_path": "ca_cert.pem",
					"eap_ttls": {
						"identity": "John Doe",
						"password": "p4$$w0rD",
						"inner_auth": "EAP_TTLS_INNER_AUTH_PAP"
					}
				}
			}
		]
	}
}

PEAP

If you are using the PEAP authentication method, in the network.json file, add the peap field that can hold the following fields and values:

Field	Description	Type	Required	Value
`identity`	The identity (username) stored in the RADIUS server database to authenticate the client.	String	Required	The identity must have 1-128 characters.
`password`	The password associated with the identity.	String	Required
`inner_auth`	The inner authentication.	String	Required	`PEAP_INNER_AUTH_MSCHAPV2` `PEAP_INNER_AUTH_GTC`

Example 38. Example

{
    "wifi": {
        "wifi_auth": [
            {
                "ssid": "Your SSID",
                "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE",
                "priority": 20,
                "wpa_eap": {
                    "anonymous_identity": "anonymous",
                    "domain": "",
                    "ca_cert_path": "ca_cert.pem",
                    "peap": {
                        "identity": "John Doe",
                        "password": "p4$$w0rD",
                        "inner_auth": "PEAP_INNER_AUTH_MSCHAPV2"
                    }
                }
            }
        ]
    }
}

NTP settings

When using a custom NTP, make sure all NTP servers get added to the trusted list on your firewall. This will ensure the time of your Gateway Plus stays synchronous with the INSIGHT webportal.

Note

NTP settings are supported on Gateway Plus starting with firmware version 2.13.0.

Field	Description	Type	Values
`ntp_servers`	NTP server list. Can be a URL or an IP address (v4 or v6).	List of strings	Maximum 2

0.debian.pool.ntp.org
1.debian.pool.ntp.org
2.debian.pool.ntp.org
3.debian.pool.ntp.org

Examples

{
    "wifi": {
	    "wifi_auth": [
			{
				"ssid": "Test",
				"wpa_psk": {
					"psk": "xxxxxxxxxxx"
				},
				"ntp_settings": {
					"ntp_servers": [
						"0.arch.pool.ntp.org",
						"1.arch.pool.ntp.org"
					]
				}
			}
		]
	}
}

{
    "ethernet": {
		"ntp_settings": {
			"ntp_servers": [
              "0.arch.pool.ntp.org",
              "1.arch.pool.ntp.org"
			]
		}
    }
}

Interface settings

Dynamic Host Configuration Protocol (DHCP) is used by default for IPv4 and IPv6 if no settings are specified.

Note

Interface settings are supported on Gateway Plus starting with firmware version 2.13.0.

Table 14. IP version selection

Field	Description	Type	Required	Values
`ipv4_settings`	IPv4 settings	Object	Optional	See IP settings below.
`ipv6_settings`	IPv6 settings	Object	Optional	See IP settings below.

IP Settings

The following settings are common to IPv4 and IPv6:

Table 15. IP Settings

Field	Description	Type	Required	Default	Values
`ip_method`	The type of IP assignment	String	Optional	`IP_METHOD_AUTO_DHCP`	`IP_METHOD_AUTO_DHCP` `IP_METHOD_MANUAL` `IP_METHOD_DISABLED`
`ip_addresses`	The addresses to use in case of a manual method.	Array/[Object]	Optional		See below for IPv4 and IPv6 addresses.

Table 16. IPv4 addresses

Field	Description	Type	Required	Default	Example
`address`	The address to assign to the Gateway Plus.	String	Required		192.168.1.42
`netmask`	The IP netmask to use (can be either the IPv4 address or a number).	String	Optional	255.255.255.255	255.255.255.0 32
`gateway`	The address of the network gateway (not to be confused with the ProGlove Gateway Plus device).	String	Optional		192.168.1.1

Table 17. IPv6 addresses

Field	Description	Type	Required	Default	Example
`address`	The address to assign to the Gateway Plus.	String	Required		001:db8:abcd:0012:ffff:ffff:ffff:ffff
`prefix`	The prefix length of the network.	String	Optional	128	64
`gateway`	The address of the network gateway (not to be confused with the ProGlove Gateway Plus device).	String	Optional		2001:db8:abcd:0012:0000:0000:0000:0000

External certificates

If your selected authentication method includes required fields like user_cert_path and private_key_path or optional fields like ca_cert_path, you have to include the targeted certificates in the zipped provisioning file.

The example below displays a case where a single network.json file is used for provisioning the Gateway with credentials to connect to multiple networks using four authentication protocols: WPA Personal, EAP-TTLS, PEAP, and EAP-TLS.

There are three external certificates referenced inside the following fields of the network.json file:

ca_cert_path
user_cert_path
private_key_path

To provision the Gateway Plus with these certificates, include the .pem files in the same folder with the network.json file, zip them together and apply the provisioning file.

Example 39. Example of the provisioning .zip file structure

network.zip
- network.json
- ca_cert.pem
- cert.pem
- key.pem

Example 40. Example

{
    "wifi": {
        "wifi_auth": [
            {
                "ssid": "Your SSID",
                "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE",
                "priority": 10,
                "wpa_psk": {
                    "psk": "p4$$w0rD"
                }
            },
            {
                "ssid": "Your SSID",
                "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE",
                "priority": 20,
                "wpa_eap": {
                    "anonymous_identity": "anonymous",
                    "domain": "",
                    "ca_cert_path": "ca_cert.pem",
                    "eap_ttls": {
                        "identity": "John Doe",
                        "password": "p4$$w0rD",
                        "inner_auth": "EAP_TTLS_INNER_AUTH_PAP"
                    }
                }
            },
            {
                "ssid": "Your SSID",
                "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE",
                "priority": 20,
                "wpa_eap": {
                    "anonymous_identity": "anonymous",
                    "domain": "",
                    "ca_cert_path": "ca_cert.pem",
                    "peap": {
                        "identity": "John Doe",
                        "password": "p4$$w0rD",
                        "inner_auth": "PEAP_INNER_AUTH_MSCHAPV2"
                    }
                }
            },
            {
                "ssid": "Your SSID",
                "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE",
                "priority": 20,
                "wpa_eap": {
                    "anonymous_identity": "anonymous",
                    "domain": "",
                    "ca_cert_path": "ca_cert.pem",
                    "eap_tls": {
                        "user_cert_path": "cert.pem",
                        "private_key_path": "key.pem",
                        "private_key_password": "p4$$w0rD"
                    }
                }
            }
        ]
    }
}

In this section:

ProGlove Documentation

Additional Wi-Fi settings

Note

Wi-Fi fields

WPA Personal

WPA Enterprise (EAP)

EAP-TLS

EAP-TTLS

PEAP

NTP settings

Note

Interface settings

Note

IP Settings

External certificates

Search results