Network

The "Network" protocol message defines the network configuration of the Qb2 device, which is then applied with the "SetConfig()" service API. The message specifies the desired network configuration mode ("dhcp", "link-local", "static" or a combination of them) and allows custom static configuration of the device. The "dhcp" and "static" modes can be applied together; in that case, the static configuration is used if DHCP configuration fails. The applied configuration is persistent and is available when the Qb2 device boots.

Table 1. Available fields in blickfeld.system.config.Network
| Field | Type | Default | Unit | Description |
|---|---|---|---|---|
| hostname | string | - | - | Specifies the persistent system-wide hostname which should be assigned to the network device. |
| dhcp | bool | true | - | This setting enables the dynamic "DHCP" network configuration mode. The "DHCP" mode is used to get the IPv4/v6 network configuration automatically from a DHCP server. It can be used standalone or, if required, combined with the "static" configuration settings. |
| manual | optional Static | - | - | This setting enables the manual "Static" configuration. The "Static" mode allows custom static configurations to be created for IPv4, IPv6 or their combination. |
| link_local | bool | false | - | (WIP - attention, no fallbacks!) This setting enables the automatic "Link-local" network configuration mode. In this scenario, the device itself selects and assigns IP addresses from a particular range. For IPv4: from 169.254.0.0 through 169.254.255.255. The IPv6 link-local prefix is FE80::/10 and is used to create a link-local IPv6 address on an interface. |
| wireless | optional Wireless | - | - | If the field is set, the device switches from the Ethernet to the WiFi interface. |
| authentication | optional Authentication | - | - | Authentication configuration for joining a network. If this field is set, the device starts to communicate with an authentication server (e.g. RADIUS). |

Static

The static configuration specifies the IP settings for IPv4, IPv6 or their combination. The settings comprise the list of supported IP addresses, the netmask, the gateway, the list of DNS servers and the DNS search domain.

Table 2. Available fields in blickfeld.system.config.Network.Static
| Field | Type | Default | Unit | Description |
|---|---|---|---|---|
| ipv4 | optional Ipv4 | - | - | Static IPv4 settings |
| ipv6 | optional Ipv6 | - | - | Static IPv6 settings |
| dns_domain | optional string | - | - | The DNS domain field, combined with the hostname, defines the FQDN (fully-qualified domain name), which specifies the exact location of the Qb2 device in the tree hierarchy of the Domain Name System. |

Ipv4

Table 3. Available fields in blickfeld.system.config.Network.Static.Ipv4
| Field | Type | Default | Unit | Description |
|---|---|---|---|---|
| ip | repeated string | - | - | List of IPv4 addresses. Each address should be specified in dot-decimal format (quad-dotted notation of four decimal integers, each ranging from 0 to 255) and include the netmask prefix as "ip_address/prefix", where the prefix is set in CIDR notation (integer ranging from 0 to 32). |
| gateway | optional string | - | - | Gateway IPv4 address |
| dns_server | repeated string | - | - | List of IPv4 DNS servers |

Ipv6

Table 4. Available fields in blickfeld.system.config.Network.Static.Ipv6
| Field | Type | Default | Unit | Description |
|---|---|---|---|---|
| ip | repeated string | - | - | List of IPv6 addresses. Each address should be specified as eight groups of four hexadecimal digits separated by colons and include the netmask prefix as "ip/prefix", where the prefix is set in CIDR notation (integer ranging from 0 to 128). IPv6 shortening rules are also supported. |
| gateway | optional string | - | - | Gateway IPv6 address |
| dns_server | repeated string | - | - | List of IPv6 DNS servers |

Wireless

If set, the device will turn off the Ethernet interface and connect to the given wireless access point. The Ethernet and WiFi interfaces cannot work simultaneously.

Always use the validate method of the network service to ensure that the given credentials are correct. If the credentials are incorrect or the wireless access point is down, the fallback IP address can be used via the Ethernet interface to reset the network configuration.
Table 5. Available fields in blickfeld.system.config.Network.Wireless
| Field | Type | Default | Unit | Description |
|---|---|---|---|---|
| ssid | string | - | - | SSID of the wireless network |
| password | string | - | - | Password of the wireless network |

[NOTE] If the password is not set and the SSID did not change, the existing password is used. This mechanism is applied as the password is never returned via the GetConfig API.

Authentication

Authentication for networks

Table 6. Available fields in blickfeld.system.config.Network.Authentication
| Field | Type | Default | Unit | Description |
|---|---|---|---|---|
| key_management | KeyManagement | - | - | Selected key management |
| password | string | - | - | Password in plain text corresponding to the account identity or username |
| eap_method | EapMethod | - | - | Selected preferred EAP method |
| identity | string | - | - | The account identity or username |
| anonymous_identity | string | - | - | anonymous-identity (advanced configuration) |
| ca_certificate | secure.config.Certificate | - | - | The RADIUS-server ca-certificate. For EAP-methods TLS, TTLS and PEAP this certificate is loaded and validated against the certificate presented by the server. The expected format is x509, PEM in binary encoding. |
| client_certificate | secure.config.Certificate | - | - | The client-certificate. The certificate to be used by the client during authentication when EAP-TLS is selected. |
| client_key | secure.config.PrivateKey | - | - | The client-key. Client key for the configured client certificate. |
| client_key_password | string | - | - | The client-key password. Password to use the configured client key (if encrypted). |
| phase2_auth | string | - | - | phase2-auth (advanced configuration) |

Key Management

Key management

Only 802.1X for wired network is supported (see https://en.wikipedia.org/wiki/IEEE_802.1X).
Table 7. Available values for blickfeld.system.config.Network.Authentication.KeyManagement enum
| Name | Value | Description |
|---|---|---|
| KEY_MANAGEMENT_UNSPECIFIED | 0 | default (no key management) |
| KEY_MANAGEMENT_PSK | 1 | PSK (WPA with pre-shared key, common for home Wi-Fi). |
| KEY_MANAGEMENT_EAP | 2 | EAP (WPA with EAP, common for enterprise Wi-Fi). |
| KEY_MANAGEMENT_EAPSHA256 | 3 | EAP-SHA256 (used with WPA3-Enterprise). |
| KEY_MANAGEMENT_EAPSUITEB192 | 4 | EAP-SUITE-B-192 (used with WPA3-Enterprise). |
| KEY_MANAGEMENT_SAE | 5 | SAE (used by WPA3) |
| KEY_MANAGEMENT_IEEE8021X | 6 | 802.1X (used primarily for wired Ethernet connections). |

Eap Method

The Extensible Authentication Protocol (EAP) method to use.

Table 8. Available values for blickfeld.system.config.Network.Authentication.EapMethod enum
| Name | Value | Description |
|---|---|---|
| EAP_METHOD_UNSPECIFIED | 0 | default (unset) - Let the RADIUS server propose an EAP method |
| EAP_METHOD_TLS | 1 | Prefer TLS |
| EAP_METHOD_PEAP | 2 | Prefer protected EAP (recommended) |
| EAP_METHOD_LEAP | 3 | Prefer lightweight EAP |
| EAP_METHOD_PWD | 4 | Prefer EAP password |
| EAP_METHOD_TTLS | 5 | Prefer tunneled TLS (recommended) |
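
A pre-flight check over the fields described on this page, as an added example that is not Blickfeld's code: it lints a plain dict shaped like the Network message before the configuration is handed to SetConfig(). The dict layout (proto field names as keys, enum values as name strings), the name `lint_network` and the sample values are assumptions made for the illustration.

```python
import ipaddress

# Enum names are taken from the EapMethod table on this page.
SERVER_CERT_METHODS = {"EAP_METHOD_TLS", "EAP_METHOD_TTLS", "EAP_METHOD_PEAP"}
# Not from the page: LEAP exchanges are open to offline password guessing.
WEAK_METHODS = {"EAP_METHOD_LEAP"}

def _bad_address(value, version, with_prefix):
    """True if value is not a valid address (or address/prefix) of this IP version."""
    try:
        if with_prefix and "/" not in value:
            return True  # ip_interface() would silently assume /32 or /128
        parse = ipaddress.ip_interface if with_prefix else ipaddress.ip_address
        return parse(value).version != version
    except ValueError:
        return True

def lint_network(cfg):
    """Return findings for a dict shaped like the Network message (assumed layout)."""
    findings = []
    manual = cfg.get("manual") or {}
    for family, version in (("ipv4", 4), ("ipv6", 6)):
        static = manual.get(family) or {}
        for ip in static.get("ip", []):
            if _bad_address(ip, version, with_prefix=True):
                findings.append(f"{family}.ip {ip!r}: expected address/prefix")
        plain = [static.get("gateway"), *static.get("dns_server", [])]
        for addr in filter(None, plain):
            if _bad_address(addr, version, with_prefix=False):
                findings.append(f"{family} gateway/dns_server {addr!r}: invalid address")
    if not (cfg.get("dhcp", True) or manual or cfg.get("link_local")):
        findings.append("no addressing mode enabled")
    if cfg.get("link_local"):
        findings.append("link_local is marked WIP with no fallbacks")
    auth = cfg.get("authentication") or {}
    method = auth.get("eap_method", "EAP_METHOD_UNSPECIFIED")
    if method in SERVER_CERT_METHODS and not auth.get("ca_certificate"):
        findings.append(f"{method}: no ca_certificate to validate the server against")
    if method == "EAP_METHOD_TLS" and not (
            auth.get("client_certificate") and auth.get("client_key")):
        findings.append("EAP_METHOD_TLS: client_certificate and client_key required")
    if method in WEAK_METHODS:
        findings.append(f"{method}: weak method, prefer PEAP or TTLS")
    return findings

# Constructed sample: static IPv4 without a prefix, PEAP without a CA certificate.
SAMPLE = {"manual": {"ipv4": {"ip": ["192.168.26.26"], "gateway": "192.168.26.1"}},
          "authentication": {"eap_method": "EAP_METHOD_PEAP", "identity": "sensor01"}}
print(*lint_network(SAMPLE), sep="\n")
```

An empty result means the dict passed these checks only; the validate method of the network service mentioned in the Wireless section remains the check for credentials.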