From af726d29f927d5ef28afa2dd48693a6038e96a68 Mon Sep 17 00:00:00 2001
From: YipKo <17290550+YipKo@users.noreply.github.com>
Date: Tue, 26 May 2026 16:12:12 +0800
Subject: [PATCH 1/5] feat: Add WPA Enterprise Wi-Fi support

---
 kvmapp/system/init.d/S30wifi                  |  90 ++++++++++-
 kvmapp/system/init.d/S95nanokvm               |   8 +-
 server/proto/network.go                       |  11 +-
 server/service/network/wifi.go                | 146 ++++++++++++++++--
 web/src/api/network.ts                        |  26 +++-
 .../desktop/menu/settings/network/wifi.tsx    |  82 +++++++++-
 web/src/pages/wifi/index.tsx                  |  61 +++++++-
 7 files changed, 390 insertions(+), 34 deletions(-)

diff --git a/kvmapp/system/init.d/S30wifi b/kvmapp/system/init.d/S30wifi
index 6694eca2..d6c532b5 100755
--- a/kvmapp/system/init.d/S30wifi
+++ b/kvmapp/system/init.d/S30wifi
@@ -4,6 +4,50 @@
 
 APFLAG_FILE=/tmp/wifiap
 
+escape_wpa_value() {
+    printf "%s" "$1" | tr -d '\r\n' | sed 's/\\/\\\\/g; s/"/\\"/g'
+}
+
+sanitize_wpa_token() {
+    printf "%s" "$1" | tr -cd 'A-Za-z0-9_-'
+}
+
+append_wpa_field() {
+    key="${1}"
+    value="${2}"
+    if [ -n "$value" ]; then
+        printf '    %s="%s"\n' "$key" "$(escape_wpa_value "$value")"
+    fi
+}
+
+gen_wpa_enterprise_conf() {
+    ssid="${1}"
+    pass="${2}"
+    identity="${3}"
+    eap="${4:-PEAP}"
+    phase2="${5:-auth=MSCHAPV2}"
+    anonymous_identity="${6}"
+    ca_cert="${7}"
+    domain_suffix_match="${8}"
+    eap=$(sanitize_wpa_token "$eap")
+
+    echo "ctrl_interface=/var/run/wpa_supplicant"
+    echo "ap_scan=1"
+    echo "fast_reauth=1"
+    echo ""
+    echo "network={"
+    append_wpa_field "ssid" "$ssid"
+    echo "    key_mgmt=WPA-EAP"
+    echo "    eap=${eap}"
+    append_wpa_field "identity" "$identity"
+    append_wpa_field "password" "$pass"
+    append_wpa_field "phase2" "$phase2"
+    append_wpa_field "anonymous_identity" "$anonymous_identity"
+    append_wpa_field "ca_cert" "$ca_cert"
+    append_wpa_field "domain_suffix_match" "$domain_suffix_match"
+    echo "}"
+}
+
 gen_hostapd_conf() {
     ssid="${1}"
     pass="${2}"
@@ -52,16 +96,24 @@ start() {
     echo "wifi mode: sta"
     ssid=""
     pass=""
+    mode="psk"
+    identity=""
+    eap="PEAP"
+    phase2="auth=MSCHAPV2"
+    anonymous_identity=""
+    ca_cert=""
+    domain_suffix_match=""
     if [ -e /boot/wifi.ssid ] && [ -e /boot/wifi.pass ]; then
         echo "Updating WiFi credentials from /boot to /etc/kvm/"
 
-        rm -f /etc/kvm/wifi.ssid /etc/kvm/wifi.pass
+        rm -f /etc/kvm/wifi.ssid /etc/kvm/wifi.pass /etc/kvm/wifi.mode
 
         mv /boot/wifi.ssid /etc/kvm/wifi.ssid
         mv /boot/wifi.pass /etc/kvm/wifi.pass
 
         chown root:root /etc/kvm/wifi.ssid /etc/kvm/wifi.pass
-        chmod 644 /etc/kvm/wifi.ssid /etc/kvm/wifi.pass
+        chmod 644 /etc/kvm/wifi.ssid
+        chmod 600 /etc/kvm/wifi.pass
     fi
     if [ -e /etc/kvm/wifi.ssid ]; then
         ssid=$(cat /etc/kvm/wifi.ssid)
@@ -69,8 +121,38 @@ start() {
     if [ -e /etc/kvm/wifi.pass ]; then
         pass=$(cat /etc/kvm/wifi.pass)
     fi
-    echo "ctrl_interface=/var/run/wpa_supplicant" >/etc/wpa_supplicant.conf
-    wpa_passphrase "$ssid" "$pass" >>/etc/wpa_supplicant.conf
+    if [ -e /etc/kvm/wifi.mode ]; then
+        mode=$(cat /etc/kvm/wifi.mode)
+    fi
+    if [ -e /etc/kvm/wifi.identity ]; then
+        identity=$(cat /etc/kvm/wifi.identity)
+    fi
+    if [ -e /etc/kvm/wifi.eap ]; then
+        eap=$(cat /etc/kvm/wifi.eap)
+    fi
+    if [ -e /etc/kvm/wifi.phase2 ]; then
+        phase2=$(cat /etc/kvm/wifi.phase2)
+    fi
+    if [ -e /etc/kvm/wifi.anonymous_identity ]; then
+        anonymous_identity=$(cat /etc/kvm/wifi.anonymous_identity)
+    fi
+    if [ -e /etc/kvm/wifi.ca_cert ]; then
+        ca_cert=$(cat /etc/kvm/wifi.ca_cert)
+    fi
+    if [ -e /etc/kvm/wifi.domain_suffix_match ]; then
+        domain_suffix_match=$(cat /etc/kvm/wifi.domain_suffix_match)
+    fi
+
+    case "$mode" in
+    enterprise | 8021x | wpa-eap)
+        gen_wpa_enterprise_conf "$ssid" "$pass" "$identity" "$eap" "$phase2" "$anonymous_identity" "$ca_cert" "$domain_suffix_match" >/etc/wpa_supplicant.conf
+        ;;
+    *)
+        echo "ctrl_interface=/var/run/wpa_supplicant" >/etc/wpa_supplicant.conf
+        wpa_passphrase "$ssid" "$pass" >>/etc/wpa_supplicant.conf
+        ;;
+    esac
+    chmod 600 /etc/wpa_supplicant.conf
     wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
     if [ ! -e /boot/wifi.nodhcp ]; then
         (udhcpc -i wlan0 -t 10 -T 1 -A 5 -b -p /run/udhcpc.wlan0.pid) &
diff --git a/kvmapp/system/init.d/S95nanokvm b/kvmapp/system/init.d/S95nanokvm
index f3142618..e93f6645 100755
--- a/kvmapp/system/init.d/S95nanokvm
+++ b/kvmapp/system/init.d/S95nanokvm
@@ -49,7 +49,8 @@ case "$1" in
     /tmp/kvm_system/kvm_system &
 
     cp -r /kvmapp/server /tmp/
-    /tmp/server/NanoKVM-Server &
+    chmod -R a+rX /tmp/server/web
+    (cd /tmp/server && LD_LIBRARY_PATH=/tmp/server/dl_lib ./NanoKVM-Server >/tmp/nanokvm-server.log 2>&1) &
    ;;
 
   stop)
@@ -68,7 +69,8 @@ case "$1" in
     /tmp/kvm_system/kvm_system &
 
     cp -r /kvmapp/server /tmp/
-    /tmp/server/NanoKVM-Server &
+    chmod -R a+rX /tmp/server/web
+    (cd /tmp/server && LD_LIBRARY_PATH=/tmp/server/dl_lib ./NanoKVM-Server >/tmp/nanokvm-server.log 2>&1) &
 
     sync
     echo "OK"
@@ -78,4 +80,4 @@ case "$1" in
     echo "Usage: $0 {start|stop|restart}"
     exit 1
   ;;
-esac
\ No newline at end of file
+esac
diff --git a/server/proto/network.go b/server/proto/network.go
index 966e6b23..0ab4a469 100644
--- a/server/proto/network.go
+++ b/server/proto/network.go
@@ -25,8 +25,15 @@ type GetWifiRsp struct {
 }
 
 type ConnectWifiReq struct {
-	Ssid     string `validate:"required"`
-	Password string `validate:"required"`
+	Ssid              string `json:"ssid" form:"ssid"`
+	Password          string `json:"password" form:"password"`
+	Mode              string `json:"mode" form:"mode"`
+	Identity          string `json:"identity" form:"identity"`
+	EAP               string `json:"eap" form:"eap"`
+	Phase2            string `json:"phase2" form:"phase2"`
+	AnonymousIdentity string `json:"anonymousIdentity" form:"anonymousIdentity"`
+	CACert            string `json:"caCert" form:"caCert"`
+	DomainSuffixMatch string `json:"domainSuffixMatch" form:"domainSuffixMatch"`
 }
 
 type GetDNSRsp struct {
diff --git a/server/service/network/wifi.go b/server/service/network/wifi.go
index d163d343..a5f4d0c1 100644
--- a/server/service/network/wifi.go
+++ b/server/service/network/wifi.go
@@ -15,14 +15,21 @@ import (
 )
 
 const (
-	WiFiExistFile  = "/etc/kvm/wifi_exist"
-	WiFiApModeFile = "/tmp/wifiap"
-	WiFiSSID       = "/etc/kvm/wifi.ssid"
-	WiFiPasswd     = "/etc/kvm/wifi.pass"
-	WiFiConnect    = "/kvmapp/kvm/wifi_try_connect"
-	WiFiStateFile  = "/kvmapp/kvm/wifi_state"
-	WiFiScript     = "/etc/init.d/S30wifi"
-	WiFiApPassFile = "/kvmapp/kvm/ap.pass"
+	WiFiExistFile         = "/etc/kvm/wifi_exist"
+	WiFiApModeFile        = "/tmp/wifiap"
+	WiFiSSID              = "/etc/kvm/wifi.ssid"
+	WiFiPasswd            = "/etc/kvm/wifi.pass"
+	WiFiMode              = "/etc/kvm/wifi.mode"
+	WiFiIdentity          = "/etc/kvm/wifi.identity"
+	WiFiEAP               = "/etc/kvm/wifi.eap"
+	WiFiPhase2            = "/etc/kvm/wifi.phase2"
+	WiFiAnonymousIdentity = "/etc/kvm/wifi.anonymous_identity"
+	WiFiCACert            = "/etc/kvm/wifi.ca_cert"
+	WiFiDomainSuffixMatch = "/etc/kvm/wifi.domain_suffix_match"
+	WiFiConnect           = "/kvmapp/kvm/wifi_try_connect"
+	WiFiStateFile         = "/kvmapp/kvm/wifi_state"
+	WiFiScript            = "/etc/init.d/S30wifi"
+	WiFiApPassFile        = "/kvmapp/kvm/ap.pass"
 )
 
 func (s *Service) GetWifi(c *gin.Context) {
@@ -73,13 +80,13 @@ func (s *Service) ConnectWifiNoAuth(c *gin.Context) {
 		return
 	}
 
-	if err := proto.ParseFormRequest(c, &req); err != nil {
+	if err := parseConnectWifiRequest(c, &req); err != nil {
 		time.Sleep(1 * time.Second)
 		rsp.ErrRsp(c, -2, "invalid parameters")
 		return
 	}
 
-	if err := connect(req.Ssid, req.Password); err != nil {
+	if err := connect(req); err != nil {
 		rsp.ErrRsp(c, -3, "failed to connect wifi")
 		return
 	}
@@ -114,12 +121,12 @@ func (s *Service) ConnectWifi(c *gin.Context) {
 	var req proto.ConnectWifiReq
 	var rsp proto.Response
 
-	if err := proto.ParseFormRequest(c, &req); err != nil {
+	if err := parseConnectWifiRequest(c, &req); err != nil {
 		rsp.ErrRsp(c, -1, "invalid parameters")
 		return
 	}
 
-	if err := connect(req.Ssid, req.Password); err != nil {
+	if err := connect(req); err != nil {
 		rsp.ErrRsp(c, -2, "failed to connect wifi")
 		return
 	}
@@ -160,22 +167,93 @@ func (s *Service) DisconnectWifi(c *gin.Context) {
 
 	_ = os.Remove(WiFiSSID)
 	_ = os.Remove(WiFiPasswd)
+	removeEnterpriseWiFiFiles()
 
 	rsp.OkRsp(c)
 	log.Debugf("stop wifi successfully")
 }
 
-func connect(ssid string, password string) error {
-	if err := os.WriteFile(WiFiSSID, []byte(ssid), 0o644); err != nil {
+func parseConnectWifiRequest(c *gin.Context, req *proto.ConnectWifiReq) error {
+	if err := c.ShouldBind(req); err != nil {
+		log.Errorf("parse wifi request failed, err: %s", err)
+		return err
+	}
+
+	req.Ssid = strings.TrimSpace(req.Ssid)
+	req.Mode = normalizeWiFiMode(req.Mode)
+	req.EAP = strings.TrimSpace(req.EAP)
+	req.Phase2 = strings.TrimSpace(req.Phase2)
+	req.Identity = strings.TrimSpace(req.Identity)
+	req.AnonymousIdentity = strings.TrimSpace(req.AnonymousIdentity)
+	req.CACert = strings.TrimSpace(req.CACert)
+	req.DomainSuffixMatch = strings.TrimSpace(req.DomainSuffixMatch)
+
+	if req.Ssid == "" || req.Password == "" {
+		return fmt.Errorf("ssid and password are required")
+	}
+	if isEnterpriseWiFiMode(req.Mode) && req.Identity == "" {
+		return fmt.Errorf("identity is required for enterprise wifi")
+	}
+	if hasLineBreak(req.Ssid, req.Password, req.Identity, req.EAP, req.Phase2, req.AnonymousIdentity, req.CACert, req.DomainSuffixMatch) {
+		return fmt.Errorf("wifi parameters must not contain line breaks")
+	}
+
+	if req.EAP == "" {
+		req.EAP = "PEAP"
+	}
+	if req.Phase2 == "" {
+		req.Phase2 = "auth=MSCHAPV2"
+	}
+
+	log.Debugf("wifi connect request: ssid=%q mode=%q identity_set=%t", req.Ssid, req.Mode, req.Identity != "")
+	return nil
+}
+
+func normalizeWiFiMode(mode string) string {
+	mode = strings.ToLower(strings.TrimSpace(mode))
+	if mode == "" {
+		return "psk"
+	}
+	return mode
+}
+
+func isEnterpriseWiFiMode(mode string) bool {
+	return mode == "enterprise" || mode == "8021x" || mode == "wpa-eap"
+}
+
+func hasLineBreak(values ...string) bool {
+	for _, value := range values {
+		if strings.ContainsAny(value, "\r\n") {
+			return true
+		}
+	}
+	return false
+}
+
+func connect(req proto.ConnectWifiReq) error {
+	if err := os.WriteFile(WiFiSSID, []byte(req.Ssid), 0o644); err != nil {
 		log.Errorf("failed to save wifi ssid: %s", err)
 		return err
 	}
 
-	if err := os.WriteFile(WiFiPasswd, []byte(password), 0o644); err != nil {
+	if err := os.WriteFile(WiFiPasswd, []byte(req.Password), 0o600); err != nil {
 		log.Errorf("failed to save wifi password: %s", err)
 		return err
 	}
 
+	if err := os.WriteFile(WiFiMode, []byte(req.Mode), 0o644); err != nil {
+		log.Errorf("failed to save wifi mode: %s", err)
+		return err
+	}
+
+	if isEnterpriseWiFiMode(req.Mode) {
+		if err := writeEnterpriseWiFiFiles(req); err != nil {
+			return err
+		}
+	} else {
+		removeEnterpriseWiFiFiles()
+	}
+
 	if err := os.WriteFile(WiFiConnect, nil, 0o644); err != nil {
 		log.Errorf("failed to connect wifi: %s", err)
 		return err
@@ -184,6 +262,44 @@ func connect(ssid string, password string) error {
 	return nil
 }
 
+func writeEnterpriseWiFiFiles(req proto.ConnectWifiReq) error {
+	files := map[string]string{
+		WiFiIdentity:          req.Identity,
+		WiFiEAP:               req.EAP,
+		WiFiPhase2:            req.Phase2,
+		WiFiAnonymousIdentity: req.AnonymousIdentity,
+		WiFiCACert:            req.CACert,
+		WiFiDomainSuffixMatch: req.DomainSuffixMatch,
+	}
+
+	for path, value := range files {
+		if strings.TrimSpace(value) == "" {
+			_ = os.Remove(path)
+			continue
+		}
+		if err := os.WriteFile(path, []byte(value), 0o600); err != nil {
+			log.Errorf("failed to save enterprise wifi file %s: %s", path, err)
+			return err
+		}
+	}
+
+	return nil
+}
+
+func removeEnterpriseWiFiFiles() {
+	for _, path := range []string{
+		WiFiMode,
+		WiFiIdentity,
+		WiFiEAP,
+		WiFiPhase2,
+		WiFiAnonymousIdentity,
+		WiFiCACert,
+		WiFiDomainSuffixMatch,
+	} {
+		_ = os.Remove(path)
+	}
+}
+
 func isSupported() bool {
 	_, err := os.Stat(WiFiExistFile)
 	return err == nil
diff --git a/web/src/api/network.ts b/web/src/api/network.ts
index 00a4c381..c27e0d30 100644
--- a/web/src/api/network.ts
+++ b/web/src/api/network.ts
@@ -1,6 +1,17 @@
 import { http } from '@/lib/http.ts';
 
 export type DNSMode = 'manual' | 'dhcp';
+export type WiFiSecurityMode = 'psk' | 'enterprise';
+
+export type ConnectWifiOptions = {
+  mode?: WiFiSecurityMode;
+  identity?: string;
+  eap?: string;
+  phase2?: string;
+  anonymousIdentity?: string;
+  caCert?: string;
+  domainSuffixMatch?: string;
+};
 
 // wake on lan
 export function wol(mac: string) {
@@ -33,10 +44,16 @@ export function getWiFi() {
 }
 
 // connect wifi without auth (only available in wifi configuration mode)
-export function connectWifiNoAuth(ssid: string, password: string, apPassword?: string) {
+export function connectWifiNoAuth(
+  ssid: string,
+  password: string,
+  apPassword?: string,
+  options: ConnectWifiOptions = {}
+) {
   const data = {
     ssid,
-    password
+    password,
+    ...options
   };
   return http.post('/api/network/wifi', data, {
     headers: {
@@ -59,10 +76,11 @@ export function verifyApLogin(apPassword: string) {
 }
 
 // connect wifi
-export function connectWifi(ssid: string, password: string) {
+export function connectWifi(ssid: string, password: string, options: ConnectWifiOptions = {}) {
   const data = {
     ssid,
-    password
+    password,
+    ...options
   };
   return http.post('/api/network/wifi/connect', data);
 }
diff --git a/web/src/pages/desktop/menu/settings/network/wifi.tsx b/web/src/pages/desktop/menu/settings/network/wifi.tsx
index d6114a65..c835f7f8 100644
--- a/web/src/pages/desktop/menu/settings/network/wifi.tsx
+++ b/web/src/pages/desktop/menu/settings/network/wifi.tsx
@@ -1,10 +1,11 @@
 import { useEffect, useState } from 'react';
 import { LockOutlined, WifiOutlined } from '@ant-design/icons';
-import { Button, Input, Modal, Switch } from 'antd';
+import { Button, Input, Modal, Select, Switch } from 'antd';
 import { WifiIcon, WifiPenIcon } from 'lucide-react';
 import { useTranslation } from 'react-i18next';
 
 import * as api from '@/api/network.ts';
+import type { WiFiSecurityMode } from '@/api/network.ts';
 
 export const Wifi = () => {
   const { t } = useTranslation();
@@ -14,8 +15,15 @@ export const Wifi = () => {
   const [connectedWiFi, setConnectedWifi] = useState('');
 
   const [isModalOpen, setIsModalOpen] = useState(false);
+  const [mode, setMode] = useState<WiFiSecurityMode>('psk');
   const [ssid, setSsid] = useState('');
   const [password, setPassword] = useState('');
+  const [identity, setIdentity] = useState('');
+  const [eap, setEap] = useState('PEAP');
+  const [phase2, setPhase2] = useState('auth=MSCHAPV2');
+  const [anonymousIdentity, setAnonymousIdentity] = useState('');
+  const [caCert, setCaCert] = useState('');
+  const [domainSuffixMatch, setDomainSuffixMatch] = useState('');
   const [status, setStatus] = useState<'' | 'connecting' | 'disconnecting'>('');
   const [message, setMessage] = useState('');
 
@@ -47,13 +55,21 @@ export const Wifi = () => {
   async function connect() {
     setMessage('');
 
-    if (!ssid || !password) return;
+    if (!ssid || !password || (mode === 'enterprise' && !identity)) return;
 
     if (status !== '') return;
     setStatus('connecting');
 
     try {
-      const rsp = await api.connectWifi(ssid, password);
+      const rsp = await api.connectWifi(ssid, password, {
+        mode,
+        identity,
+        eap,
+        phase2,
+        anonymousIdentity,
+        caCert,
+        domainSuffixMatch
+      });
       if (rsp.code !== 0) {
         console.log(rsp.msg);
         setMessage(t('settings.network.wifi.failed'));
@@ -91,8 +107,15 @@ export const Wifi = () => {
   }
 
   function openModal() {
+    setMode('psk');
     setSsid('');
     setPassword('');
+    setIdentity('');
+    setEap('PEAP');
+    setPhase2('auth=MSCHAPV2');
+    setAnonymousIdentity('');
+    setCaCert('');
+    setDomainSuffixMatch('');
     setMessage('');
     setIsModalOpen(true);
   }
@@ -186,6 +209,15 @@ export const Wifi = () => {
 
         {/* form */}
         <div className="flex flex-col items-center space-y-3 py-6">
+          <Select
+            value={mode}
+            style={{ width: '300px' }}
+            options={[
+              { value: 'psk', label: 'Personal / WPA-PSK' },
+              { value: 'enterprise', label: 'Enterprise / 802.1X' }
+            ]}
+            onChange={setMode}
+          />
           <Input
             value={ssid}
             style={{ width: '300px' }}
@@ -200,6 +232,50 @@ export const Wifi = () => {
             placeholder={t('settings.network.wifi.password')}
             onChange={(e) => setPassword(e.target.value)}
           />
+          {mode === 'enterprise' && (
+            <>
+              <Input
+                value={identity}
+                style={{ width: '300px' }}
+                placeholder="Identity / Username"
+                onChange={(e) => setIdentity(e.target.value)}
+              />
+              <Select
+                value={eap}
+                style={{ width: '300px' }}
+                options={[
+                  { value: 'PEAP', label: 'EAP: PEAP' },
+                  { value: 'TTLS', label: 'EAP: TTLS' },
+                  { value: 'TLS', label: 'EAP: TLS' }
+                ]}
+                onChange={setEap}
+              />
+              <Input
+                value={phase2}
+                style={{ width: '300px' }}
+                placeholder="Phase 2 auth"
+                onChange={(e) => setPhase2(e.target.value)}
+              />
+              <Input
+                value={anonymousIdentity}
+                style={{ width: '300px' }}
+                placeholder="Anonymous identity (optional)"
+                onChange={(e) => setAnonymousIdentity(e.target.value)}
+              />
+              <Input
+                value={caCert}
+                style={{ width: '300px' }}
+                placeholder="CA certificate path (optional)"
+                onChange={(e) => setCaCert(e.target.value)}
+              />
+              <Input
+                value={domainSuffixMatch}
+                style={{ width: '300px' }}
+                placeholder="Domain suffix match (optional)"
+                onChange={(e) => setDomainSuffixMatch(e.target.value)}
+              />
+            </>
+          )}
 
           {!!message && <span className="text-sm text-red-500">{message}</span>}
         </div>
diff --git a/web/src/pages/wifi/index.tsx b/web/src/pages/wifi/index.tsx
index f1319928..c66df0a7 100644
--- a/web/src/pages/wifi/index.tsx
+++ b/web/src/pages/wifi/index.tsx
@@ -1,6 +1,6 @@
 import { useEffect, useState } from 'react';
 import { CheckOutlined, KeyOutlined, LockOutlined, WifiOutlined } from '@ant-design/icons';
-import { Button, Form, Input } from 'antd';
+import { Button, Form, Input, Select } from 'antd';
 import { useTranslation } from 'react-i18next';
 import { useSearchParams } from 'react-router-dom';
 
@@ -19,6 +19,8 @@ export const Wifi = () => {
   const [isAuthenticated, setIsAuthenticated] = useState<boolean>(false);
   const [verifying, setVerifying] = useState<boolean>(false);
   const [verifyState, setVerifyState] = useState<VerifyState>('');
+  const [form] = Form.useForm();
+  const mode = Form.useWatch('mode', form);
 
   useEffect(() => {
     const pass = searchParams.get('p') || searchParams.get('P');
@@ -54,12 +56,21 @@ export const Wifi = () => {
 
   async function connect(values: any) {
     if (!values.ssid || !values.password) return;
+    if (values.mode === 'enterprise' && !values.identity) return;
 
     if (state === 'loading') return;
     setState('loading');
 
     try {
-      const rsp = await api.connectWifiNoAuth(values.ssid, values.password, apPassword);
+      const rsp = await api.connectWifiNoAuth(values.ssid, values.password, apPassword, {
+        mode: values.mode || 'psk',
+        identity: values.identity,
+        eap: values.eap,
+        phase2: values.phase2,
+        anonymousIdentity: values.anonymousIdentity,
+        caCert: values.caCert,
+        domainSuffixMatch: values.domainSuffixMatch
+      });
 
       switch (rsp?.code) {
         case 0:
@@ -129,8 +140,9 @@ export const Wifi = () => {
 
       <div className="flex h-screen w-screen flex-col items-center justify-center">
         <Form
+          form={form}
           style={{ minWidth: 300, maxWidth: 500 }}
-          initialValues={{ remember: true }}
+          initialValues={{ remember: true, mode: 'psk', eap: 'PEAP', phase2: 'auth=MSCHAPV2' }}
           onFinish={connect}
         >
           <div className="flex flex-col space-y-1 pb-5">
@@ -140,6 +152,15 @@ export const Wifi = () => {
             <span className="text-center text-neutral-400">{t('wifi.description')}</span>
           </div>
 
+          <Form.Item name="mode">
+            <Select
+              options={[
+                { value: 'psk', label: 'Personal / WPA-PSK' },
+                { value: 'enterprise', label: 'Enterprise / 802.1X' }
+              ]}
+            />
+          </Form.Item>
+
           <Form.Item name="ssid">
             <Input prefix={<WifiOutlined />} placeholder="SSID" />
           </Form.Item>
@@ -148,6 +169,40 @@ export const Wifi = () => {
             <Input.Password prefix={<LockOutlined />} placeholder="Password" />
           </Form.Item>
 
+          {mode === 'enterprise' && (
+            <>
+              <Form.Item name="identity">
+                <Input placeholder="Identity / Username" />
+              </Form.Item>
+
+              <Form.Item name="eap">
+                <Select
+                  options={[
+                    { value: 'PEAP', label: 'EAP: PEAP' },
+                    { value: 'TTLS', label: 'EAP: TTLS' },
+                    { value: 'TLS', label: 'EAP: TLS' }
+                  ]}
+                />
+              </Form.Item>
+
+              <Form.Item name="phase2">
+                <Input placeholder="Phase 2 auth" />
+              </Form.Item>
+
+              <Form.Item name="anonymousIdentity">
+                <Input placeholder="Anonymous identity (optional)" />
+              </Form.Item>
+
+              <Form.Item name="caCert">
+                <Input placeholder="CA certificate path (optional)" />
+              </Form.Item>
+
+              <Form.Item name="domainSuffixMatch">
+                <Input placeholder="Domain suffix match (optional)" />
+              </Form.Item>
+            </>
+          )}
+
           <Form.Item>
             {state === 'success' ? (
               <Button className="w-full" type="primary" icon={<CheckOutlined />}>

From dbf239ca0f889e4c782aa9bff1ca1b559dd7c2e6 Mon Sep 17 00:00:00 2001
From: YipKo <17290550+YipKo@users.noreply.github.com>
Date: Wed, 27 May 2026 02:58:42 +0800
Subject: [PATCH 2/5] fix: preserve server runpath in build output

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 591d64b4..45e128fe 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@ PWD := $(shell pwd)
 DOCKER_RUN_BASE := docker run -e UID=$(UID) -e GID=$(GID) -v $(PWD):/home/build/NanoKVM --rm
 
 # Build commands
-GO_BUILD_CMD := cd /home/build/NanoKVM/server && go mod tidy && CGO_ENABLED=1 GOOS=linux GOARCH=riscv64 CC=riscv64-unknown-linux-musl-gcc CGO_CFLAGS="-mcpu=c906fdv -march=rv64imafdcv0p7xthead -mcmodel=medany -mabi=lp64d" go build
+GO_BUILD_CMD := cd /home/build/NanoKVM/server && go mod tidy && CGO_ENABLED=1 GOOS=linux GOARCH=riscv64 CC=riscv64-unknown-linux-musl-gcc CGO_CFLAGS="-mcpu=c906fdv -march=rv64imafdcv0p7xthead -mcmodel=medany -mabi=lp64d" CGO_LDFLAGS="-Wl,-rpath,\$$ORIGIN/dl_lib" go build
 SUPPORT_BUILD_CMD := . ./home/build/MaixCDK/bin/activate && cd /home/build/NanoKVM/support/sg2002 && ./build kvm_system && ./build kvm_system add_to_kvmapp
 
 .PHONY: help check-root builder-image rebuild-image check-image shell app support all clean

From 38c1c344a4ef862277a6372dcce1f33b451fd371 Mon Sep 17 00:00:00 2001
From: YipKo <17290550+YipKo@users.noreply.github.com>
Date: Tue, 26 May 2026 22:37:34 +0800
Subject: [PATCH 3/5] fix: stop logging request bodies

---
 server/proto/request.go | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/server/proto/request.go b/server/proto/request.go
index f0f3b39d..8dcf45ad 100644
--- a/server/proto/request.go
+++ b/server/proto/request.go
@@ -19,10 +19,6 @@ func ValidateRequest(req interface{}) error {
 		return err
 	}
 
-	if env == "" || env == "debug" {
-		log.Debugf("request: %+v\n", req)
-	}
-
 	return nil
 }
 

From c14e90e4e331848ed5c6db4c85ca4fbf86e8f33e Mon Sep 17 00:00:00 2001
From: YipKo <17290550+YipKo@users.noreply.github.com>
Date: Wed, 27 May 2026 03:01:21 +0800
Subject: [PATCH 4/5] feat: add Wi-Fi and Ethernet 802.1X configuration

---
 kvmapp/system/init.d/S30eth                   | 130 ++++-
 kvmapp/system/init.d/S30wifi                  |  95 +++-
 kvmapp/system/init.d/S95nanokvm               |   8 +-
 server/proto/network.go                       |  74 ++-
 server/router/network.go                      |   2 +
 server/service/network/dns.go                 | 113 ++++-
 server/service/network/ethernet.go            | 468 ++++++++++++++++++
 server/service/network/wifi.go                | 264 +++++++++-
 web/src/api/network.ts                        |  36 ++
 web/src/i18n/locales/en.ts                    |  49 ++
 web/src/i18n/locales/zh.ts                    |  49 ++
 web/src/i18n/locales/zh_tw.ts                 |  49 ++
 .../desktop/menu/settings/network/dns.tsx     | 164 ++----
 .../menu/settings/network/ethernet.tsx        | 413 ++++++++++++++++
 .../desktop/menu/settings/network/index.tsx   |   4 +
 .../menu/settings/network/network-details.tsx | 153 ++++++
 .../desktop/menu/settings/network/wifi.tsx    | 291 +++++++++--
 web/src/pages/wifi/index.tsx                  | 123 ++++-
 18 files changed, 2274 insertions(+), 211 deletions(-)
 create mode 100644 server/service/network/ethernet.go
 create mode 100644 web/src/pages/desktop/menu/settings/network/ethernet.tsx
 create mode 100644 web/src/pages/desktop/menu/settings/network/network-details.tsx

diff --git a/kvmapp/system/init.d/S30eth b/kvmapp/system/init.d/S30eth
index 409708ae..d92f737b 100755
--- a/kvmapp/system/init.d/S30eth
+++ b/kvmapp/system/init.d/S30eth
@@ -1,11 +1,125 @@
 #!/bin/sh
 
 RESERVE_INET="192.168.90.1/22"
+ETH_MODE_FILE="/etc/kvm/eth.mode"
+ETH_PASS_FILE="/etc/kvm/eth.pass"
+ETH_IDENTITY_FILE="/etc/kvm/eth.identity"
+ETH_EAP_FILE="/etc/kvm/eth.eap"
+ETH_PHASE2_FILE="/etc/kvm/eth.phase2"
+ETH_ANON_IDENTITY_FILE="/etc/kvm/eth.anonymous_identity"
+ETH_CA_CERT_FILE="/etc/kvm/eth.ca_cert"
+ETH_CLIENT_CERT_FILE="/etc/kvm/eth.client_cert"
+ETH_PRIVATE_KEY_FILE="/etc/kvm/eth.private_key"
+ETH_PRIVATE_KEY_PASSWD_FILE="/etc/kvm/eth.private_key_passwd"
+ETH_DOMAIN_SUFFIX_MATCH_FILE="/etc/kvm/eth.domain_suffix_match"
+ETH_WPA_CONF="/etc/wpa_supplicant-wired.conf"
+ETH_WPA_PID="/run/wpa_supplicant.eth0.pid"
+ETH_DHCP_PID="/run/udhcpc.eth0.pid"
+ETH_WPA_BIN="/usr/sbin/wpa_supplicant-wired"
 
 clean_line() {
     echo "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//;s/\r//g'
 }
 
+read_file_trimmed() {
+    file="$1"
+    [ -e "$file" ] || return 0
+    tr -d '\r' <"$file" | sed 's/[[:space:]]*$//'
+}
+
+append_quoted_value() {
+    key="$1"
+    value="$2"
+    [ -n "$value" ] || return 0
+    escaped=$(printf '%s' "$value" | sed 's/\\/\\\\/g; s/"/\\"/g')
+    printf '    %s="%s"\n' "$key" "$escaped"
+}
+
+supports_wired_driver() {
+    if [ -x "$ETH_WPA_BIN" ]; then
+        return 0
+    fi
+    wpa_supplicant -h 2>&1 | grep -q "wired = Wired Ethernet driver"
+}
+
+get_wpa_bin() {
+    if [ -x "$ETH_WPA_BIN" ]; then
+        echo "$ETH_WPA_BIN"
+        return 0
+    fi
+    command -v wpa_supplicant
+}
+
+gen_wired_enterprise_conf() {
+    pass="$1"
+    identity="$2"
+    eap="$3"
+    phase2="$4"
+    anonymous_identity="$5"
+    ca_cert="$6"
+    domain_suffix_match="$7"
+    client_cert="$8"
+    private_key="$9"
+    private_key_passwd="${10}"
+
+    echo "ctrl_interface=/var/run/wpa_supplicant"
+    echo "ap_scan=0"
+    echo "fast_reauth=1"
+    echo
+    echo "network={"
+    echo "    key_mgmt=IEEE8021X"
+    [ -n "$eap" ] && echo "    eap=$eap"
+    append_quoted_value "identity" "$identity"
+    append_quoted_value "password" "$pass"
+    append_quoted_value "phase2" "$phase2"
+    append_quoted_value "anonymous_identity" "$anonymous_identity"
+    append_quoted_value "ca_cert" "$ca_cert"
+    append_quoted_value "domain_suffix_match" "$domain_suffix_match"
+    append_quoted_value "client_cert" "$client_cert"
+    append_quoted_value "private_key" "$private_key"
+    append_quoted_value "private_key_passwd" "$private_key_passwd"
+    echo "}"
+}
+
+stop_wired_auth() {
+    if [ -e "$ETH_WPA_PID" ]; then
+        kill "$(cat "$ETH_WPA_PID")" 2>/dev/null || true
+        rm -f "$ETH_WPA_PID"
+    fi
+}
+
+start_wired_auth() {
+    mode=$(read_file_trimmed "$ETH_MODE_FILE")
+    case "$mode" in
+        enterprise|8021x|wpa-eap)
+            if ! supports_wired_driver; then
+                echo "S30eth: wired 802.1X driver is unavailable; skipping wpa_supplicant startup" >&2
+                return 0
+            fi
+            pass=$(read_file_trimmed "$ETH_PASS_FILE")
+            identity=$(read_file_trimmed "$ETH_IDENTITY_FILE")
+            eap=$(read_file_trimmed "$ETH_EAP_FILE")
+            phase2=$(read_file_trimmed "$ETH_PHASE2_FILE")
+            anonymous_identity=$(read_file_trimmed "$ETH_ANON_IDENTITY_FILE")
+            ca_cert=$(read_file_trimmed "$ETH_CA_CERT_FILE")
+            domain_suffix_match=$(read_file_trimmed "$ETH_DOMAIN_SUFFIX_MATCH_FILE")
+            client_cert=$(read_file_trimmed "$ETH_CLIENT_CERT_FILE")
+            private_key=$(read_file_trimmed "$ETH_PRIVATE_KEY_FILE")
+            private_key_passwd=$(read_file_trimmed "$ETH_PRIVATE_KEY_PASSWD_FILE")
+
+            [ -n "$eap" ] || eap="PEAP"
+
+            gen_wired_enterprise_conf "$pass" "$identity" "$eap" "$phase2" \
+                "$anonymous_identity" "$ca_cert" "$domain_suffix_match" \
+                "$client_cert" "$private_key" "$private_key_passwd" >"$ETH_WPA_CONF"
+            chmod 600 "$ETH_WPA_CONF"
+            ip link set eth0 up
+            stop_wired_auth
+            "$(get_wpa_bin)" -B -D wired -i eth0 -c "$ETH_WPA_CONF" -P "$ETH_WPA_PID"
+            ;;
+    esac
+}
+
 calc_gw() {
     addr="$1"
     netid="$2"
@@ -23,7 +137,9 @@ EOF
 }
 
 start() {
+    stop_wired_auth
     ip addr flush dev eth0
+    start_wired_auth
     if [ -e /boot/eth.nodhcp ]; then
         while IFS= read -r line || [ -n "$line" ]; do
             line=$(clean_line "$line")
@@ -57,7 +173,7 @@ start() {
         done < /boot/eth.nodhcp
 
         ip a show dev eth0 | grep inet > /dev/null || {
-            udhcpc -i eth0 -t 3 -T 1 -A 5 -b -p /run/udhcpc.eth0.pid &>/dev/null
+            udhcpc -i eth0 -t 3 -T 1 -A 5 -b -p "$ETH_DHCP_PID" &>/dev/null
             ip a show dev eth0 | grep inet > /dev/null
         } || {
             inet=$RESERVE_INET
@@ -65,14 +181,16 @@ start() {
             ip a add "$inet" brd + dev eth0
         } || exit 1
     else
-        udhcpc -i eth0 -t 10 -T 1 -A 5 -b -p /run/udhcpc.eth0.pid &
+        udhcpc -i eth0 -t 10 -T 1 -A 5 -b -p "$ETH_DHCP_PID" &
     fi
 }
 
 stop() {
-    [ ! -e "/run/udhcpc.eth0.pid" ] && exit 1
-    kill "$(cat /run/udhcpc.eth0.pid)"
-    rm /run/udhcpc.eth0.pid
+    if [ -e "$ETH_DHCP_PID" ]; then
+        kill "$(cat "$ETH_DHCP_PID")" 2>/dev/null || true
+        rm -f "$ETH_DHCP_PID"
+    fi
+    stop_wired_auth
 }
 
 case "$1" in
@@ -83,4 +201,4 @@ case "$1" in
         $0 start
         ;;
     *) exit 1 ;;
-esac
\ No newline at end of file
+esac
diff --git a/kvmapp/system/init.d/S30wifi b/kvmapp/system/init.d/S30wifi
index d6c532b5..359a1876 100755
--- a/kvmapp/system/init.d/S30wifi
+++ b/kvmapp/system/init.d/S30wifi
@@ -3,6 +3,7 @@
 . /etc/profile
 
 APFLAG_FILE=/tmp/wifiap
+WIFI_STATIC_CONFIG=/boot/wifi.nodhcp
 
 escape_wpa_value() {
     printf "%s" "$1" | tr -d '\r\n' | sed 's/\\/\\\\/g; s/"/\\"/g'
@@ -12,6 +13,10 @@ sanitize_wpa_token() {
     printf "%s" "$1" | tr -cd 'A-Za-z0-9_-'
 }
 
+clean_line() {
+    echo "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//;s/\r//g'
+}
+
 append_wpa_field() {
     key="${1}"
     value="${2}"
@@ -20,16 +25,45 @@ append_wpa_field() {
     fi
 }
 
+calc_gw() {
+    addr="$1"
+    netid="$2"
+    IFS=. read a b c d <<EOF
+$addr
+EOF
+    ipnum=$(( (a<<24) + (b<<16) + (c<<8) + d ))
+    mask=$(( 0xFFFFFFFF << (32-netid) & 0xFFFFFFFF ))
+    gwnum=$(( (ipnum & mask) | 1 ))
+    if [ $gwnum -eq $ipnum ]; then
+        broadcast=$(( (ipnum & mask) | (0xFFFFFFFF & ~mask) ))
+        gwnum=$(( broadcast - 1 ))
+    fi
+    echo "$(( (gwnum>>24)&255 )).$(( (gwnum>>16)&255 )).$(( (gwnum>>8)&255 )).$(( gwnum&255 ))"
+}
+
 gen_wpa_enterprise_conf() {
     ssid="${1}"
     pass="${2}"
     identity="${3}"
     eap="${4:-PEAP}"
-    phase2="${5:-auth=MSCHAPV2}"
+    phase2="${5}"
     anonymous_identity="${6}"
     ca_cert="${7}"
     domain_suffix_match="${8}"
+    client_cert="${9}"
+    private_key="${10}"
+    private_key_passwd="${11}"
     eap=$(sanitize_wpa_token "$eap")
+    case "$eap" in
+    PEAP | TTLS)
+        if [ -z "$phase2" ]; then
+            phase2="auth=MSCHAPV2"
+        fi
+        ;;
+    *)
+        phase2=""
+        ;;
+    esac
 
     echo "ctrl_interface=/var/run/wpa_supplicant"
     echo "ap_scan=1"
@@ -44,6 +78,9 @@ gen_wpa_enterprise_conf() {
     append_wpa_field "phase2" "$phase2"
     append_wpa_field "anonymous_identity" "$anonymous_identity"
     append_wpa_field "ca_cert" "$ca_cert"
+    append_wpa_field "client_cert" "$client_cert"
+    append_wpa_field "private_key" "$private_key"
+    append_wpa_field "private_key_passwd" "$private_key_passwd"
     append_wpa_field "domain_suffix_match" "$domain_suffix_match"
     echo "}"
 }
@@ -102,6 +139,9 @@ start() {
     phase2="auth=MSCHAPV2"
     anonymous_identity=""
     ca_cert=""
+    client_cert=""
+    private_key=""
+    private_key_passwd=""
     domain_suffix_match=""
     if [ -e /boot/wifi.ssid ] && [ -e /boot/wifi.pass ]; then
         echo "Updating WiFi credentials from /boot to /etc/kvm/"
@@ -139,13 +179,22 @@ start() {
     if [ -e /etc/kvm/wifi.ca_cert ]; then
         ca_cert=$(cat /etc/kvm/wifi.ca_cert)
     fi
+    if [ -e /etc/kvm/wifi.client_cert ]; then
+        client_cert=$(cat /etc/kvm/wifi.client_cert)
+    fi
+    if [ -e /etc/kvm/wifi.private_key ]; then
+        private_key=$(cat /etc/kvm/wifi.private_key)
+    fi
+    if [ -e /etc/kvm/wifi.private_key_passwd ]; then
+        private_key_passwd=$(cat /etc/kvm/wifi.private_key_passwd)
+    fi
     if [ -e /etc/kvm/wifi.domain_suffix_match ]; then
         domain_suffix_match=$(cat /etc/kvm/wifi.domain_suffix_match)
     fi
 
     case "$mode" in
     enterprise | 8021x | wpa-eap)
-        gen_wpa_enterprise_conf "$ssid" "$pass" "$identity" "$eap" "$phase2" "$anonymous_identity" "$ca_cert" "$domain_suffix_match" >/etc/wpa_supplicant.conf
+        gen_wpa_enterprise_conf "$ssid" "$pass" "$identity" "$eap" "$phase2" "$anonymous_identity" "$ca_cert" "$domain_suffix_match" "$client_cert" "$private_key" "$private_key_passwd" >/etc/wpa_supplicant.conf
         ;;
     *)
         echo "ctrl_interface=/var/run/wpa_supplicant" >/etc/wpa_supplicant.conf
@@ -154,7 +203,47 @@ start() {
     esac
     chmod 600 /etc/wpa_supplicant.conf
     wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
-    if [ ! -e /boot/wifi.nodhcp ]; then
+    ifconfig wlan0 up
+    ip route del default || true
+    ip addr flush dev wlan0
+    if [ -e "$WIFI_STATIC_CONFIG" ]; then
+        while IFS= read -r line || [ -n "$line" ]; do
+            line=$(clean_line "$line")
+            [ -z "$line" ] && continue
+            set -- $line
+            inet="$1"
+            gw="$2"
+            [ -z "$inet" ] && continue
+            case "$inet" in
+                */*)
+                    netid_check=${inet#*/}
+                    if ! echo "$netid_check" | grep -qE '^[0-9]+$' || [ $netid_check -lt 1 ] 2>/dev/null || [ $netid_check -gt 32 ] 2>/dev/null; then
+                        inet="${inet%/*}/16"
+                    fi
+                    ;;
+                *)
+                    inet="$inet/16"
+                    ;;
+            esac
+            addr=${inet%/*}
+            netid=${inet#*/}
+            [ -z "$gw" ] && gw=$(calc_gw "$addr" "$netid")
+            arping -Dqc2 -Iwlan0 "$addr" || continue
+            ip a add "$inet" brd + dev wlan0
+            ip r add default via "$gw" dev wlan0
+            echo -e "nameserver $gw" >> /etc/resolv.conf
+            break
+        done < "$WIFI_STATIC_CONFIG"
+
+        ip a show dev wlan0 | grep inet > /dev/null || {
+            udhcpc -i wlan0 -t 3 -T 1 -A 5 -b -p /run/udhcpc.wlan0.pid &>/dev/null
+            ip a show dev wlan0 | grep inet > /dev/null
+        } || {
+            inet=192.168.90.1/22
+            addr=${inet%/*}
+            ip a add "$inet" brd + dev wlan0
+        } || exit 1
+    else
         (udhcpc -i wlan0 -t 10 -T 1 -A 5 -b -p /run/udhcpc.wlan0.pid) &
     fi
 }
diff --git a/kvmapp/system/init.d/S95nanokvm b/kvmapp/system/init.d/S95nanokvm
index e93f6645..f3142618 100755
--- a/kvmapp/system/init.d/S95nanokvm
+++ b/kvmapp/system/init.d/S95nanokvm
@@ -49,8 +49,7 @@ case "$1" in
     /tmp/kvm_system/kvm_system &
 
     cp -r /kvmapp/server /tmp/
-    chmod -R a+rX /tmp/server/web
-    (cd /tmp/server && LD_LIBRARY_PATH=/tmp/server/dl_lib ./NanoKVM-Server >/tmp/nanokvm-server.log 2>&1) &
+    /tmp/server/NanoKVM-Server &
    ;;
 
   stop)
@@ -69,8 +68,7 @@ case "$1" in
     /tmp/kvm_system/kvm_system &
 
     cp -r /kvmapp/server /tmp/
-    chmod -R a+rX /tmp/server/web
-    (cd /tmp/server && LD_LIBRARY_PATH=/tmp/server/dl_lib ./NanoKVM-Server >/tmp/nanokvm-server.log 2>&1) &
+    /tmp/server/NanoKVM-Server &
 
     sync
     echo "OK"
@@ -80,4 +78,4 @@ case "$1" in
     echo "Usage: $0 {start|stop|restart}"
     exit 1
   ;;
-esac
+esac
\ No newline at end of file
diff --git a/server/proto/network.go b/server/proto/network.go
index 0ab4a469..b49d25d5 100644
--- a/server/proto/network.go
+++ b/server/proto/network.go
@@ -18,21 +18,83 @@ type SetMacNameReq struct {
 }
 
 type GetWifiRsp struct {
-	Supported bool   `json:"supported"`
-	ApMode    bool   `json:"apMode"`
-	Connected bool   `json:"connected"`
-	Ssid      string `json:"ssid"`
+	Supported           bool   `json:"supported"`
+	ApMode              bool   `json:"apMode"`
+	Connected           bool   `json:"connected"`
+	Ssid                string `json:"ssid"`
+	Mode                string `json:"mode"`
+	IPMode              string `json:"ipMode"`
+	Address             string `json:"address"`
+	SubnetMask          string `json:"subnetMask"`
+	Gateway             string `json:"gateway"`
+	PasswordSet         bool   `json:"passwordSet"`
+	Identity            string `json:"identity"`
+	EAP                 string `json:"eap"`
+	Phase2              string `json:"phase2"`
+	AnonymousIdentity   string `json:"anonymousIdentity"`
+	CACert              string `json:"caCert"`
+	ClientCert          string `json:"clientCert"`
+	PrivateKey          string `json:"privateKey"`
+	PrivateKeyPasswdSet bool   `json:"privateKeyPasswdSet"`
+	DomainSuffixMatch   string `json:"domainSuffixMatch"`
 }
 
 type ConnectWifiReq struct {
 	Ssid              string `json:"ssid" form:"ssid"`
 	Password          string `json:"password" form:"password"`
+	IPMode            string `json:"ipMode" form:"ipMode"`
+	Address           string `json:"address" form:"address"`
+	SubnetMask        string `json:"subnetMask" form:"subnetMask"`
+	Gateway           string `json:"gateway" form:"gateway"`
 	Mode              string `json:"mode" form:"mode"`
 	Identity          string `json:"identity" form:"identity"`
 	EAP               string `json:"eap" form:"eap"`
 	Phase2            string `json:"phase2" form:"phase2"`
 	AnonymousIdentity string `json:"anonymousIdentity" form:"anonymousIdentity"`
 	CACert            string `json:"caCert" form:"caCert"`
+	ClientCert        string `json:"clientCert" form:"clientCert"`
+	PrivateKey        string `json:"privateKey" form:"privateKey"`
+	PrivateKeyPasswd  string `json:"privateKeyPasswd" form:"privateKeyPasswd"`
+	DomainSuffixMatch string `json:"domainSuffixMatch" form:"domainSuffixMatch"`
+}
+
+type GetEthernetRsp struct {
+	Supported           bool   `json:"supported"`
+	Mode                string `json:"mode"`
+	Configured          bool   `json:"configured"`
+	Connected           bool   `json:"connected"`
+	Interface           string `json:"interface"`
+	IPMode              string `json:"ipMode"`
+	Address             string `json:"address"`
+	SubnetMask          string `json:"subnetMask"`
+	Gateway             string `json:"gateway"`
+	PasswordSet         bool   `json:"passwordSet"`
+	Identity            string `json:"identity"`
+	EAP                 string `json:"eap"`
+	Phase2              string `json:"phase2"`
+	AnonymousIdentity   string `json:"anonymousIdentity"`
+	CACert              string `json:"caCert"`
+	ClientCert          string `json:"clientCert"`
+	PrivateKey          string `json:"privateKey"`
+	PrivateKeyPasswdSet bool   `json:"privateKeyPasswdSet"`
+	DomainSuffixMatch   string `json:"domainSuffixMatch"`
+}
+
+type SetEthernetReq struct {
+	Mode              string `json:"mode" form:"mode"`
+	IPMode            string `json:"ipMode" form:"ipMode"`
+	Address           string `json:"address" form:"address"`
+	SubnetMask        string `json:"subnetMask" form:"subnetMask"`
+	Gateway           string `json:"gateway" form:"gateway"`
+	Password          string `json:"password" form:"password"`
+	Identity          string `json:"identity" form:"identity"`
+	EAP               string `json:"eap" form:"eap"`
+	Phase2            string `json:"phase2" form:"phase2"`
+	AnonymousIdentity string `json:"anonymousIdentity" form:"anonymousIdentity"`
+	CACert            string `json:"caCert" form:"caCert"`
+	ClientCert        string `json:"clientCert" form:"clientCert"`
+	PrivateKey        string `json:"privateKey" form:"privateKey"`
+	PrivateKeyPasswd  string `json:"privateKeyPasswd" form:"privateKeyPasswd"`
 	DomainSuffixMatch string `json:"domainSuffixMatch" form:"domainSuffixMatch"`
 }
 
@@ -42,6 +104,7 @@ type GetDNSRsp struct {
 	Effective []string `json:"effective"`
 	DHCP      []string `json:"dhcp"`
 	Info      DNSInfo  `json:"info"`
+	Infos     []DNSInfo `json:"infos"`
 }
 
 type SetDNSReq struct {
@@ -55,5 +118,8 @@ type DNSInfo struct {
 	Address       string   `json:"address"`
 	SubnetMask    string   `json:"subnetMask"`
 	Gateway       string   `json:"gateway"`
+	Signal        string   `json:"signal"`
+	RxRate        string   `json:"rxRate"`
+	TxRate        string   `json:"txRate"`
 	SearchDomains []string `json:"searchDomains"`
 }
diff --git a/server/router/network.go b/server/router/network.go
index 9aeb4b6a..8e3b74c2 100644
--- a/server/router/network.go
+++ b/server/router/network.go
@@ -23,6 +23,8 @@ func networkRouter(r *gin.Engine) {
 	api.GET("/network/wifi", service.GetWifi)                    // get Wi-Fi information
 	api.POST("/network/wifi/connect", service.ConnectWifi)       // connect Wi-Fi
 	api.POST("/network/wifi/disconnect", service.DisconnectWifi) // disconnect Wi-Fi
+	api.GET("/network/ethernet", service.GetEthernet)            // get Ethernet 802.1X information
+	api.POST("/network/ethernet", service.SetEthernet)           // set Ethernet 802.1X configuration
 
 	api.GET("/network/dns", service.GetDNS)  // get DNS configuration
 	api.POST("/network/dns", service.SetDNS) // set DNS configuration
diff --git a/server/service/network/dns.go b/server/service/network/dns.go
index 8bce7a6f..9076d1e4 100644
--- a/server/service/network/dns.go
+++ b/server/service/network/dns.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"sort"
 	"strconv"
 	"strings"
 
@@ -59,6 +60,10 @@ func (s *Service) GetDNS(c *gin.Context) {
 	dhcpConfig, _ := readDHCPResolvConfig(canFallbackEffectiveForDHCP())
 	dhcp := dhcpConfig.Servers
 	info := getDNSInfo()
+	infos := getDNSInfos()
+	if len(infos) == 0 && info.Interface != "" {
+		infos = []proto.DNSInfo{info}
+	}
 
 	rsp.OkRspWithData(c, &proto.GetDNSRsp{
 		Mode:      mode,
@@ -66,8 +71,9 @@ func (s *Service) GetDNS(c *gin.Context) {
 		Effective: effective,
 		DHCP:      dhcp,
 		Info:      info,
+		Infos:     infos,
 	})
-	log.Debugf("get dns config: mode=%s servers=%v effective=%v dhcp=%v info=%+v", mode, servers, effective, dhcp, info)
+	log.Debugf("get dns config: mode=%s servers=%v effective=%v dhcp=%v info=%+v infos=%d", mode, servers, effective, dhcp, info, len(infos))
 }
 
 func (s *Service) SetDNS(c *gin.Context) {
@@ -379,6 +385,12 @@ func getDNSInfo() proto.DNSInfo {
 	if ifaceName == "" {
 		ifaceName = getFallbackIPv4Interface()
 	}
+	if ifaceName != "" {
+		ifaceGateway := getInterfaceGateway(ifaceName)
+		if ifaceGateway != "" {
+			gateway = ifaceGateway
+		}
+	}
 
 	info := proto.DNSInfo{
 		Interface: ifaceName,
@@ -399,10 +411,106 @@ func getDNSInfo() proto.DNSInfo {
 
 	info.Type = getDNSInterfaceType(iface.Name)
 	info.Address, info.SubnetMask = getIPv4AddressInfo(*iface)
+	if strings.EqualFold(info.Type, "Wireless") {
+		info.Signal, info.RxRate, info.TxRate = getWirelessLinkInfo(iface.Name)
+	}
 
 	return info
 }
 
+func getDNSInfos() []proto.DNSInfo {
+	interfaces, err := net.Interfaces()
+	if err != nil {
+		return nil
+	}
+
+	infos := make([]proto.DNSInfo, 0, len(interfaces))
+
+	for _, iface := range interfaces {
+		if iface.Flags&net.FlagUp == 0 {
+			continue
+		}
+
+		ifaceType := getDNSInterfaceType(iface.Name)
+		if ifaceType == "" {
+			continue
+		}
+
+		address, subnetMask := getIPv4AddressInfo(iface)
+		if address == "" {
+			continue
+		}
+
+		info := proto.DNSInfo{
+			Interface:  iface.Name,
+			Type:       ifaceType,
+			Address:    address,
+			SubnetMask: subnetMask,
+			Gateway:    getInterfaceGateway(iface.Name),
+		}
+		if ifaceType == "Wireless" {
+			info.Signal, info.RxRate, info.TxRate = getWirelessLinkInfo(iface.Name)
+		}
+
+		infos = append(infos, info)
+	}
+
+	sort.SliceStable(infos, func(i, j int) bool {
+		if infos[i].Type != infos[j].Type {
+			return infos[i].Type == "Wired"
+		}
+		return infos[i].Interface < infos[j].Interface
+	})
+
+	return infos
+}
+
+func getWirelessLinkInfo(ifaceName string) (string, string, string) {
+	output, err := exec.Command("iw", "dev", ifaceName, "link").CombinedOutput()
+	if err != nil {
+		return "", "", ""
+	}
+
+	var signal string
+	var rxRate string
+	var txRate string
+
+	scanner := bufio.NewScanner(strings.NewReader(string(output)))
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		switch {
+		case strings.HasPrefix(line, "signal:"):
+			signal = strings.TrimSpace(strings.TrimPrefix(line, "signal:"))
+		case strings.HasPrefix(line, "rx bitrate:"):
+			rxRate = strings.TrimSpace(strings.TrimPrefix(line, "rx bitrate:"))
+		case strings.HasPrefix(line, "tx bitrate:"):
+			txRate = strings.TrimSpace(strings.TrimPrefix(line, "tx bitrate:"))
+		}
+	}
+
+	return signal, rxRate, txRate
+}
+
+func getInterfaceGateway(ifaceName string) string {
+	if strings.TrimSpace(ifaceName) == "" {
+		return ""
+	}
+
+	out, err := exec.Command("ip", "route", "show", "dev", ifaceName).CombinedOutput()
+	if err != nil {
+		return ""
+	}
+
+	for _, line := range strings.Split(string(out), "\n") {
+		fields := strings.Fields(line)
+		if len(fields) >= 3 && fields[0] == "default" && fields[1] == "via" {
+			return fields[2]
+		}
+	}
+
+	return ""
+}
+
 func getDefaultIPv4Route() (string, string) {
 	file, err := os.Open("/proc/net/route")
 	if err != nil {
@@ -486,8 +594,7 @@ func getIPv4AddressInfo(iface net.Interface) (string, string) {
 			continue
 		}
 
-		ones, _ := ipNet.Mask.Size()
-		return fmt.Sprintf("%s/%d", ip.String(), ones), net.IP(ipNet.Mask).String()
+		return ip.String(), net.IP(ipNet.Mask).String()
 	}
 
 	return "", ""
diff --git a/server/service/network/ethernet.go b/server/service/network/ethernet.go
new file mode 100644
index 00000000..501d2f82
--- /dev/null
+++ b/server/service/network/ethernet.go
@@ -0,0 +1,468 @@
+package network
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"os/exec"
+	"strings"
+	"time"
+
+	"NanoKVM-Server/proto"
+
+	"github.com/gin-gonic/gin"
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	ethernetIface             = "eth0"
+	ethernetModeOff           = "off"
+	ethernetIPModeDHCP        = "dhcp"
+	ethernetIPModeManual      = "manual"
+	EthernetMode              = "/etc/kvm/eth.mode"
+	EthernetPasswd            = "/etc/kvm/eth.pass"
+	EthernetIdentity          = "/etc/kvm/eth.identity"
+	EthernetEAP               = "/etc/kvm/eth.eap"
+	EthernetPhase2            = "/etc/kvm/eth.phase2"
+	EthernetAnonymousIdentity = "/etc/kvm/eth.anonymous_identity"
+	EthernetCACert            = "/etc/kvm/eth.ca_cert"
+	EthernetClientCert        = "/etc/kvm/eth.client_cert"
+	EthernetPrivateKey        = "/etc/kvm/eth.private_key"
+	EthernetPrivateKeyPasswd  = "/etc/kvm/eth.private_key_passwd"
+	EthernetDomainSuffixMatch = "/etc/kvm/eth.domain_suffix_match"
+	EthernetStaticConfig      = "/boot/eth.nodhcp"
+	EthernetScript            = "/etc/init.d/S30eth"
+)
+
+func (s *Service) GetEthernet(c *gin.Context) {
+	var rsp proto.Response
+
+	mode := currentEthernetMode()
+
+	rsp.OkRspWithData(c, &proto.GetEthernetRsp{
+		Supported:           supportsWired8021X(),
+		Mode:                mode,
+		Configured:          mode == "enterprise",
+		Connected:           isEthernetConnected(),
+		Interface:           ethernetIface,
+		IPMode:              currentEthernetIPMode(),
+		Address:             readEthernetStaticAddress(),
+		SubnetMask:          readEthernetStaticSubnetMask(),
+		Gateway:             readEthernetStaticGateway(),
+		PasswordSet:         fileExists(EthernetPasswd),
+		Identity:            readTrimmedFile(EthernetIdentity),
+		EAP:                 readTrimmedFile(EthernetEAP),
+		Phase2:              readTrimmedFile(EthernetPhase2),
+		AnonymousIdentity:   readTrimmedFile(EthernetAnonymousIdentity),
+		CACert:              readTrimmedFile(EthernetCACert),
+		ClientCert:          readTrimmedFile(EthernetClientCert),
+		PrivateKey:          readTrimmedFile(EthernetPrivateKey),
+		PrivateKeyPasswdSet: fileExists(EthernetPrivateKeyPasswd),
+		DomainSuffixMatch:   readTrimmedFile(EthernetDomainSuffixMatch),
+	})
+}
+
+func (s *Service) SetEthernet(c *gin.Context) {
+	var req proto.SetEthernetReq
+	var rsp proto.Response
+
+	if err := parseEthernetRequest(c, &req); err != nil {
+		rsp.ErrRsp(c, -1, "invalid parameters")
+		return
+	}
+
+	if err := setEthernet(req); err != nil {
+		rsp.ErrRsp(c, -2, "failed to configure ethernet")
+		return
+	}
+
+	time.Sleep(5 * time.Second)
+
+	rsp.OkRsp(c)
+	log.Debugf("set ethernet config: mode=%q identity_set=%t eap=%q", req.Mode, req.Identity != "", req.EAP)
+}
+
+func parseEthernetRequest(c *gin.Context, req *proto.SetEthernetReq) error {
+	if err := c.ShouldBind(req); err != nil {
+		log.Errorf("parse ethernet request failed, err: %s", err)
+		return err
+	}
+
+	req.Mode = normalizeEthernetMode(req.Mode)
+	req.IPMode = normalizeEthernetIPMode(req.IPMode)
+	req.Address = strings.TrimSpace(req.Address)
+	req.SubnetMask = strings.TrimSpace(req.SubnetMask)
+	req.Gateway = strings.TrimSpace(req.Gateway)
+	req.EAP = strings.TrimSpace(req.EAP)
+	req.Phase2 = strings.TrimSpace(req.Phase2)
+	req.Identity = strings.TrimSpace(req.Identity)
+	req.AnonymousIdentity = strings.TrimSpace(req.AnonymousIdentity)
+	req.CACert = strings.TrimSpace(req.CACert)
+	req.ClientCert = strings.TrimSpace(req.ClientCert)
+	req.PrivateKey = strings.TrimSpace(req.PrivateKey)
+	req.PrivateKeyPasswd = strings.TrimSpace(req.PrivateKeyPasswd)
+	req.DomainSuffixMatch = strings.TrimSpace(req.DomainSuffixMatch)
+	if err := validateEthernetIPConfig(req.IPMode, req.Address, req.SubnetMask, req.Gateway); err != nil {
+		return err
+	}
+
+	if !isEnterpriseWiFiMode(req.Mode) {
+		req.Mode = ethernetModeOff
+		req.IPMode = normalizeEthernetIPMode(req.IPMode)
+		req.Password = ""
+		req.Identity = ""
+		req.EAP = ""
+		req.Phase2 = ""
+		req.AnonymousIdentity = ""
+		req.CACert = ""
+		req.ClientCert = ""
+		req.PrivateKey = ""
+		req.PrivateKeyPasswd = ""
+		req.DomainSuffixMatch = ""
+		return nil
+	}
+
+	if hasLineBreak(req.Password, req.Identity, req.EAP, req.Phase2, req.AnonymousIdentity, req.CACert, req.ClientCert, req.PrivateKey, req.PrivateKeyPasswd, req.DomainSuffixMatch, req.Address, req.SubnetMask, req.Gateway) {
+		return fmt.Errorf("ethernet parameters must not contain line breaks")
+	}
+	if req.EAP == "" {
+		req.EAP = "PEAP"
+	}
+	req.EAP = strings.ToUpper(req.EAP)
+	if !isSupportedEAP(req.EAP) {
+		return fmt.Errorf("unsupported eap method")
+	}
+	if req.Phase2 == "" {
+		req.Phase2 = defaultPhase2(req.EAP)
+	}
+	if req.EAP != "PEAP" && req.EAP != "TTLS" {
+		req.Phase2 = ""
+	}
+	if req.EAP != "TLS" {
+		req.ClientCert = ""
+		req.PrivateKey = ""
+		req.PrivateKeyPasswd = ""
+	}
+	if req.Identity == "" {
+		return fmt.Errorf("identity is required for enterprise ethernet")
+	}
+	if usesPassword(req.EAP) && req.Password == "" && !fileExists(EthernetPasswd) {
+		return fmt.Errorf("password is required for %s", req.EAP)
+	}
+	if req.EAP == "TLS" && (req.ClientCert == "" || req.PrivateKey == "") {
+		return fmt.Errorf("client certificate and private key are required for TLS")
+	}
+	if req.EAP == "TLS" {
+		req.Password = ""
+	}
+
+	return nil
+}
+
+func setEthernet(req proto.SetEthernetReq) error {
+	if err := saveEthernetIPConfig(req.IPMode, req.Address, req.SubnetMask, req.Gateway); err != nil {
+		return err
+	}
+
+	if req.Mode == ethernetModeOff {
+		_ = os.Remove(EthernetPasswd)
+		removeEnterpriseEthernetFiles()
+		return restartEthernet()
+	}
+
+	if strings.TrimSpace(req.Password) != "" {
+		if err := os.WriteFile(EthernetPasswd, []byte(req.Password), 0o600); err != nil {
+			log.Errorf("failed to save ethernet password: %s", err)
+			return err
+		}
+	} else if usesPassword(req.EAP) && !fileExists(EthernetPasswd) {
+		return fmt.Errorf("missing existing ethernet password")
+	}
+	if err := os.WriteFile(EthernetMode, []byte(req.Mode), 0o644); err != nil {
+		log.Errorf("failed to save ethernet mode: %s", err)
+		return err
+	}
+	if err := writeEnterpriseEthernetFiles(req); err != nil {
+		return err
+	}
+
+	return restartEthernet()
+}
+
+func writeEnterpriseEthernetFiles(req proto.SetEthernetReq) error {
+	files := map[string]string{
+		EthernetIdentity:          req.Identity,
+		EthernetEAP:               req.EAP,
+		EthernetPhase2:            req.Phase2,
+		EthernetAnonymousIdentity: req.AnonymousIdentity,
+		EthernetCACert:            req.CACert,
+		EthernetClientCert:        req.ClientCert,
+		EthernetPrivateKey:        req.PrivateKey,
+		EthernetDomainSuffixMatch: req.DomainSuffixMatch,
+	}
+
+	for path, value := range files {
+		if strings.TrimSpace(value) == "" {
+			_ = os.Remove(path)
+			continue
+		}
+		if err := os.WriteFile(path, []byte(value), 0o600); err != nil {
+			log.Errorf("failed to save enterprise ethernet file %s: %s", path, err)
+			return err
+		}
+	}
+
+	if strings.TrimSpace(req.PrivateKeyPasswd) != "" {
+		if err := os.WriteFile(EthernetPrivateKeyPasswd, []byte(req.PrivateKeyPasswd), 0o600); err != nil {
+			log.Errorf("failed to save enterprise ethernet file %s: %s", EthernetPrivateKeyPasswd, err)
+			return err
+		}
+	} else if req.EAP != "TLS" {
+		_ = os.Remove(EthernetPrivateKeyPasswd)
+	}
+
+	return nil
+}
+
+func removeEnterpriseEthernetFiles() {
+	for _, path := range []string{
+		EthernetMode,
+		EthernetIdentity,
+		EthernetEAP,
+		EthernetPhase2,
+		EthernetAnonymousIdentity,
+		EthernetCACert,
+		EthernetClientCert,
+		EthernetPrivateKey,
+		EthernetPrivateKeyPasswd,
+		EthernetDomainSuffixMatch,
+	} {
+		_ = os.Remove(path)
+	}
+}
+
+func restartEthernet() error {
+	cmd := exec.Command(EthernetScript, "restart")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Errorf("failed to restart ethernet: %s", output)
+		return err
+	}
+
+	return nil
+}
+
+func normalizeEthernetMode(mode string) string {
+	mode = strings.ToLower(strings.TrimSpace(mode))
+	if mode == "" {
+		return ethernetModeOff
+	}
+	return mode
+}
+
+func normalizeEthernetIPMode(mode string) string {
+	mode = strings.ToLower(strings.TrimSpace(mode))
+	if mode == ethernetIPModeManual {
+		return ethernetIPModeManual
+	}
+	return ethernetIPModeDHCP
+}
+
+func currentEthernetMode() string {
+	data, err := os.ReadFile(EthernetMode)
+	if err != nil {
+		return ethernetModeOff
+	}
+
+	mode := strings.TrimSpace(string(data))
+	if !isEnterpriseWiFiMode(mode) {
+		return ethernetModeOff
+	}
+
+	return mode
+}
+
+func readTrimmedFile(path string) string {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return ""
+	}
+
+	return strings.TrimSpace(string(data))
+}
+
+func fileExists(path string) bool {
+	_, err := os.Stat(path)
+	return err == nil
+}
+
+func validateEthernetIPConfig(mode, address, subnetMask, gateway string) error {
+	if mode != ethernetIPModeManual {
+		return nil
+	}
+	if address == "" {
+		return fmt.Errorf("static ethernet address is required")
+	}
+	ip := net.ParseIP(address)
+	if ip == nil || ip.To4() == nil {
+		return fmt.Errorf("invalid static ethernet address")
+	}
+	if subnetMask == "" {
+		return fmt.Errorf("static ethernet subnet mask is required")
+	}
+	ones, err := subnetMaskToPrefix(subnetMask)
+	if err != nil || ones < 1 || ones > 32 {
+		return fmt.Errorf("invalid static ethernet subnet")
+	}
+	if gateway != "" {
+		gwIP := net.ParseIP(gateway)
+		if gwIP == nil || gwIP.To4() == nil {
+			return fmt.Errorf("invalid static ethernet gateway")
+		}
+	}
+	return nil
+}
+
+func currentEthernetIPMode() string {
+	if fileExists(EthernetStaticConfig) {
+		return ethernetIPModeManual
+	}
+	return ethernetIPModeDHCP
+}
+
+func saveEthernetIPConfig(mode, address, subnetMask, gateway string) error {
+	if mode != ethernetIPModeManual {
+		if err := os.Remove(EthernetStaticConfig); err != nil && !os.IsNotExist(err) {
+			return fmt.Errorf("failed to remove ethernet static config: %w", err)
+		}
+		return nil
+	}
+
+	prefix, err := subnetMaskToPrefix(subnetMask)
+	if err != nil {
+		return fmt.Errorf("failed to parse ethernet subnet mask: %w", err)
+	}
+
+	line := fmt.Sprintf("%s/%d", address, prefix)
+	if gateway != "" {
+		line += " " + gateway
+	}
+	line += "\n"
+	if err := os.WriteFile(EthernetStaticConfig, []byte(line), 0o644); err != nil {
+		return fmt.Errorf("failed to write ethernet static config: %w", err)
+	}
+	return nil
+}
+
+func readEthernetStaticAddress() string {
+	address, _, _ := parseEthernetStaticConfig()
+	return address
+}
+
+func readEthernetStaticSubnetMask() string {
+	_, subnetMask, _ := parseEthernetStaticConfig()
+	return subnetMask
+}
+
+func readEthernetStaticGateway() string {
+	_, _, gateway := parseEthernetStaticConfig()
+	return gateway
+}
+
+func parseEthernetStaticConfig() (string, string, string) {
+	data, err := os.ReadFile(EthernetStaticConfig)
+	if err != nil {
+		return "", "", ""
+	}
+	fields := strings.Fields(string(data))
+	if len(fields) == 0 {
+		return "", "", ""
+	}
+	address := strings.TrimSpace(fields[0])
+	subnetMask := ""
+	gateway := ""
+
+	if strings.Contains(address, "/") {
+		if ip, ipNet, err := net.ParseCIDR(address); err == nil && ip != nil && ip.To4() != nil {
+			address = ip.String()
+			subnetMask = net.IP(ipNet.Mask).String()
+		}
+		if len(fields) > 1 {
+			gateway = strings.TrimSpace(fields[1])
+		}
+		return address, subnetMask, gateway
+	}
+
+	if len(fields) > 1 {
+		second := strings.TrimSpace(fields[1])
+		if isValidSubnetMask(second) {
+			subnetMask = second
+			if len(fields) > 2 {
+				gateway = strings.TrimSpace(fields[2])
+			}
+		} else {
+			gateway = second
+		}
+	}
+
+	return address, subnetMask, gateway
+}
+
+func subnetMaskToPrefix(mask string) (int, error) {
+	ip := net.ParseIP(strings.TrimSpace(mask))
+	if ip == nil || ip.To4() == nil {
+		return 0, fmt.Errorf("invalid subnet mask")
+	}
+
+	ones, bits := net.IPMask(ip.To4()).Size()
+	if bits != 32 || ones < 1 || ones > 32 {
+		return 0, fmt.Errorf("invalid subnet mask")
+	}
+
+	return ones, nil
+}
+
+func isValidSubnetMask(mask string) bool {
+	_, err := subnetMaskToPrefix(mask)
+	return err == nil
+}
+
+func supportsWired8021X() bool {
+	if _, err := os.Stat("/usr/sbin/wpa_supplicant-wired"); err == nil {
+		return true
+	}
+
+	out, err := exec.Command("sh", "-c", "wpa_supplicant -h 2>&1").CombinedOutput()
+	if err != nil {
+		return false
+	}
+
+	return strings.Contains(string(out), "wired = Wired Ethernet driver")
+}
+
+func isEthernetConnected() bool {
+	iface, err := net.InterfaceByName(ethernetIface)
+	if err != nil {
+		return false
+	}
+	if iface.Flags&net.FlagUp == 0 {
+		return false
+	}
+
+	addrs, err := iface.Addrs()
+	if err != nil {
+		return false
+	}
+
+	for _, addr := range addrs {
+		ipNet, ok := addr.(*net.IPNet)
+		if !ok || ipNet.IP == nil || ipNet.IP.IsLoopback() {
+			continue
+		}
+		if ipNet.IP.To4() != nil {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/server/service/network/wifi.go b/server/service/network/wifi.go
index a5f4d0c1..cdd86103 100644
--- a/server/service/network/wifi.go
+++ b/server/service/network/wifi.go
@@ -3,6 +3,7 @@ package network
 import (
 	"crypto/subtle"
 	"fmt"
+	"net"
 	"os"
 	"os/exec"
 	"strings"
@@ -17,6 +18,8 @@ import (
 const (
 	WiFiExistFile         = "/etc/kvm/wifi_exist"
 	WiFiApModeFile        = "/tmp/wifiap"
+	WiFiIPModeDHCP        = "dhcp"
+	WiFiIPModeManual      = "manual"
 	WiFiSSID              = "/etc/kvm/wifi.ssid"
 	WiFiPasswd            = "/etc/kvm/wifi.pass"
 	WiFiMode              = "/etc/kvm/wifi.mode"
@@ -25,7 +28,11 @@ const (
 	WiFiPhase2            = "/etc/kvm/wifi.phase2"
 	WiFiAnonymousIdentity = "/etc/kvm/wifi.anonymous_identity"
 	WiFiCACert            = "/etc/kvm/wifi.ca_cert"
+	WiFiClientCert        = "/etc/kvm/wifi.client_cert"
+	WiFiPrivateKey        = "/etc/kvm/wifi.private_key"
+	WiFiPrivateKeyPasswd  = "/etc/kvm/wifi.private_key_passwd"
 	WiFiDomainSuffixMatch = "/etc/kvm/wifi.domain_suffix_match"
+	WiFiStaticConfig      = "/boot/wifi.nodhcp"
 	WiFiConnect           = "/kvmapp/kvm/wifi_try_connect"
 	WiFiStateFile         = "/kvmapp/kvm/wifi_state"
 	WiFiScript            = "/etc/init.d/S30wifi"
@@ -35,24 +42,34 @@ const (
 func (s *Service) GetWifi(c *gin.Context) {
 	var rsp proto.Response
 
-	data := &proto.GetWifiRsp{}
-
-	data.Supported = isSupported()
-	if !data.Supported {
-		rsp.OkRspWithData(c, data)
-		return
+	data := &proto.GetWifiRsp{
+		Supported:           isSupported(),
+		ApMode:              isAPMode(),
+		Connected:           isConnected(),
+		Ssid:                readTrimmedFile(WiFiSSID),
+		Mode:                currentWiFiMode(),
+		IPMode:              currentWiFiIPMode(),
+		Address:             readWiFiStaticAddress(),
+		SubnetMask:          readWiFiStaticSubnetMask(),
+		Gateway:             readWiFiStaticGateway(),
+		PasswordSet:         fileExists(WiFiPasswd),
+		Identity:            readTrimmedFile(WiFiIdentity),
+		EAP:                 readTrimmedFile(WiFiEAP),
+		Phase2:              readTrimmedFile(WiFiPhase2),
+		AnonymousIdentity:   readTrimmedFile(WiFiAnonymousIdentity),
+		CACert:              readTrimmedFile(WiFiCACert),
+		ClientCert:          readTrimmedFile(WiFiClientCert),
+		PrivateKey:          readTrimmedFile(WiFiPrivateKey),
+		PrivateKeyPasswdSet: fileExists(WiFiPrivateKeyPasswd),
+		DomainSuffixMatch:   readTrimmedFile(WiFiDomainSuffixMatch),
 	}
 
-	data.ApMode = isAPMode()
-
-	data.Connected = isConnected()
-	if !data.Connected {
+	if !data.Supported {
 		rsp.OkRspWithData(c, data)
 		return
 	}
 
-	data.Ssid = getWiFiSsid()
-	if data.Ssid == "" {
+	if data.Connected && data.Ssid == "" {
 		data.Ssid = "Wi-Fi"
 	}
 
@@ -165,8 +182,10 @@ func (s *Service) DisconnectWifi(c *gin.Context) {
 
 	time.Sleep(5 * time.Second)
 
+	_ = os.Remove(WiFiStaticConfig)
 	_ = os.Remove(WiFiSSID)
 	_ = os.Remove(WiFiPasswd)
+	_ = os.Remove(WiFiMode)
 	removeEnterpriseWiFiFiles()
 
 	rsp.OkRsp(c)
@@ -181,28 +200,65 @@ func parseConnectWifiRequest(c *gin.Context, req *proto.ConnectWifiReq) error {
 
 	req.Ssid = strings.TrimSpace(req.Ssid)
 	req.Mode = normalizeWiFiMode(req.Mode)
+	req.IPMode = normalizeWiFiIPMode(req.IPMode)
+	req.Address = strings.TrimSpace(req.Address)
+	req.SubnetMask = strings.TrimSpace(req.SubnetMask)
+	req.Gateway = strings.TrimSpace(req.Gateway)
 	req.EAP = strings.TrimSpace(req.EAP)
 	req.Phase2 = strings.TrimSpace(req.Phase2)
 	req.Identity = strings.TrimSpace(req.Identity)
 	req.AnonymousIdentity = strings.TrimSpace(req.AnonymousIdentity)
 	req.CACert = strings.TrimSpace(req.CACert)
+	req.ClientCert = strings.TrimSpace(req.ClientCert)
+	req.PrivateKey = strings.TrimSpace(req.PrivateKey)
+	req.PrivateKeyPasswd = strings.TrimSpace(req.PrivateKeyPasswd)
 	req.DomainSuffixMatch = strings.TrimSpace(req.DomainSuffixMatch)
 
-	if req.Ssid == "" || req.Password == "" {
-		return fmt.Errorf("ssid and password are required")
+	if req.Ssid == "" {
+		return fmt.Errorf("ssid is required")
 	}
-	if isEnterpriseWiFiMode(req.Mode) && req.Identity == "" {
-		return fmt.Errorf("identity is required for enterprise wifi")
+	if err := validateWiFiIPConfig(req.IPMode, req.Address, req.SubnetMask, req.Gateway); err != nil {
+		return err
+	}
+	if !isEnterpriseWiFiMode(req.Mode) && req.Password == "" && !fileExists(WiFiPasswd) {
+		return fmt.Errorf("password is required")
 	}
-	if hasLineBreak(req.Ssid, req.Password, req.Identity, req.EAP, req.Phase2, req.AnonymousIdentity, req.CACert, req.DomainSuffixMatch) {
+	if hasLineBreak(req.Ssid, req.Password, req.Identity, req.EAP, req.Phase2, req.AnonymousIdentity, req.CACert, req.ClientCert, req.PrivateKey, req.PrivateKeyPasswd, req.DomainSuffixMatch, req.Address, req.SubnetMask, req.Gateway) {
 		return fmt.Errorf("wifi parameters must not contain line breaks")
 	}
 
 	if req.EAP == "" {
 		req.EAP = "PEAP"
 	}
+	req.EAP = strings.ToUpper(req.EAP)
+	if !isSupportedEAP(req.EAP) {
+		return fmt.Errorf("unsupported eap method")
+	}
 	if req.Phase2 == "" {
-		req.Phase2 = "auth=MSCHAPV2"
+		req.Phase2 = defaultPhase2(req.EAP)
+	}
+	if req.EAP != "PEAP" && req.EAP != "TTLS" {
+		req.Phase2 = ""
+	}
+	if req.EAP != "TLS" {
+		req.ClientCert = ""
+		req.PrivateKey = ""
+		req.PrivateKeyPasswd = ""
+	}
+
+	if isEnterpriseWiFiMode(req.Mode) {
+		if req.Identity == "" {
+			return fmt.Errorf("identity is required for enterprise wifi")
+		}
+		if usesPassword(req.EAP) && req.Password == "" && !fileExists(WiFiPasswd) {
+			return fmt.Errorf("password is required for %s", req.EAP)
+		}
+		if req.EAP == "TLS" && (req.ClientCert == "" || req.PrivateKey == "") {
+			return fmt.Errorf("client certificate and private key are required for TLS")
+		}
+		if req.EAP == "TLS" {
+			req.Password = ""
+		}
 	}
 
 	log.Debugf("wifi connect request: ssid=%q mode=%q identity_set=%t", req.Ssid, req.Mode, req.Identity != "")
@@ -221,6 +277,23 @@ func isEnterpriseWiFiMode(mode string) bool {
 	return mode == "enterprise" || mode == "8021x" || mode == "wpa-eap"
 }
 
+func defaultPhase2(eap string) string {
+	switch eap {
+	case "PEAP", "TTLS":
+		return "auth=MSCHAPV2"
+	default:
+		return ""
+	}
+}
+
+func usesPassword(eap string) bool {
+	return eap == "PEAP" || eap == "TTLS" || eap == "PWD" || eap == "LEAP"
+}
+
+func isSupportedEAP(eap string) bool {
+	return eap == "PEAP" || eap == "TTLS" || eap == "TLS" || eap == "PWD" || eap == "LEAP"
+}
+
 func hasLineBreak(values ...string) bool {
 	for _, value := range values {
 		if strings.ContainsAny(value, "\r\n") {
@@ -231,14 +304,22 @@ func hasLineBreak(values ...string) bool {
 }
 
 func connect(req proto.ConnectWifiReq) error {
+	if err := saveWiFiIPConfig(req.IPMode, req.Address, req.SubnetMask, req.Gateway); err != nil {
+		return err
+	}
+
 	if err := os.WriteFile(WiFiSSID, []byte(req.Ssid), 0o644); err != nil {
 		log.Errorf("failed to save wifi ssid: %s", err)
 		return err
 	}
 
-	if err := os.WriteFile(WiFiPasswd, []byte(req.Password), 0o600); err != nil {
-		log.Errorf("failed to save wifi password: %s", err)
-		return err
+	if strings.TrimSpace(req.Password) != "" {
+		if err := os.WriteFile(WiFiPasswd, []byte(req.Password), 0o600); err != nil {
+			log.Errorf("failed to save wifi password: %s", err)
+			return err
+		}
+	} else if !fileExists(WiFiPasswd) {
+		return fmt.Errorf("missing existing wifi password")
 	}
 
 	if err := os.WriteFile(WiFiMode, []byte(req.Mode), 0o644); err != nil {
@@ -262,6 +343,133 @@ func connect(req proto.ConnectWifiReq) error {
 	return nil
 }
 
+func normalizeWiFiIPMode(mode string) string {
+	mode = strings.ToLower(strings.TrimSpace(mode))
+	if mode == WiFiIPModeManual {
+		return WiFiIPModeManual
+	}
+	return WiFiIPModeDHCP
+}
+
+func currentWiFiMode() string {
+	mode := readTrimmedFile(WiFiMode)
+	if isEnterpriseWiFiMode(mode) {
+		return "enterprise"
+	}
+	return "psk"
+}
+
+func validateWiFiIPConfig(mode, address, subnetMask, gateway string) error {
+	if mode != WiFiIPModeManual {
+		return nil
+	}
+	if address == "" {
+		return fmt.Errorf("static wifi address is required")
+	}
+	ip := net.ParseIP(address)
+	if ip == nil || ip.To4() == nil {
+		return fmt.Errorf("invalid static wifi address")
+	}
+	if subnetMask == "" {
+		return fmt.Errorf("static wifi subnet mask is required")
+	}
+	if _, err := subnetMaskToPrefix(subnetMask); err != nil {
+		return fmt.Errorf("invalid static wifi subnet")
+	}
+	if gateway != "" {
+		gwIP := net.ParseIP(gateway)
+		if gwIP == nil || gwIP.To4() == nil {
+			return fmt.Errorf("invalid static wifi gateway")
+		}
+	}
+	return nil
+}
+
+func currentWiFiIPMode() string {
+	if fileExists(WiFiStaticConfig) {
+		return WiFiIPModeManual
+	}
+	return WiFiIPModeDHCP
+}
+
+func saveWiFiIPConfig(mode, address, subnetMask, gateway string) error {
+	if mode != WiFiIPModeManual {
+		if err := os.Remove(WiFiStaticConfig); err != nil && !os.IsNotExist(err) {
+			return fmt.Errorf("failed to remove wifi static config: %w", err)
+		}
+		return nil
+	}
+
+	prefix, err := subnetMaskToPrefix(subnetMask)
+	if err != nil {
+		return fmt.Errorf("failed to parse wifi subnet mask: %w", err)
+	}
+
+	line := fmt.Sprintf("%s/%d", address, prefix)
+	if gateway != "" {
+		line += " " + gateway
+	}
+	line += "\n"
+	if err := os.WriteFile(WiFiStaticConfig, []byte(line), 0o644); err != nil {
+		return fmt.Errorf("failed to write wifi static config: %w", err)
+	}
+	return nil
+}
+
+func readWiFiStaticAddress() string {
+	address, _, _ := parseWiFiStaticConfig()
+	return address
+}
+
+func readWiFiStaticSubnetMask() string {
+	_, subnetMask, _ := parseWiFiStaticConfig()
+	return subnetMask
+}
+
+func readWiFiStaticGateway() string {
+	_, _, gateway := parseWiFiStaticConfig()
+	return gateway
+}
+
+func parseWiFiStaticConfig() (string, string, string) {
+	data, err := os.ReadFile(WiFiStaticConfig)
+	if err != nil {
+		return "", "", ""
+	}
+	fields := strings.Fields(string(data))
+	if len(fields) == 0 {
+		return "", "", ""
+	}
+	address := strings.TrimSpace(fields[0])
+	subnetMask := ""
+	gateway := ""
+
+	if strings.Contains(address, "/") {
+		if ip, ipNet, err := net.ParseCIDR(address); err == nil && ip != nil && ip.To4() != nil {
+			address = ip.String()
+			subnetMask = net.IP(ipNet.Mask).String()
+		}
+		if len(fields) > 1 {
+			gateway = strings.TrimSpace(fields[1])
+		}
+		return address, subnetMask, gateway
+	}
+
+	if len(fields) > 1 {
+		second := strings.TrimSpace(fields[1])
+		if isValidSubnetMask(second) {
+			subnetMask = second
+			if len(fields) > 2 {
+				gateway = strings.TrimSpace(fields[2])
+			}
+		} else {
+			gateway = second
+		}
+	}
+
+	return address, subnetMask, gateway
+}
+
 func writeEnterpriseWiFiFiles(req proto.ConnectWifiReq) error {
 	files := map[string]string{
 		WiFiIdentity:          req.Identity,
@@ -269,6 +477,8 @@ func writeEnterpriseWiFiFiles(req proto.ConnectWifiReq) error {
 		WiFiPhase2:            req.Phase2,
 		WiFiAnonymousIdentity: req.AnonymousIdentity,
 		WiFiCACert:            req.CACert,
+		WiFiClientCert:        req.ClientCert,
+		WiFiPrivateKey:        req.PrivateKey,
 		WiFiDomainSuffixMatch: req.DomainSuffixMatch,
 	}
 
@@ -283,6 +493,15 @@ func writeEnterpriseWiFiFiles(req proto.ConnectWifiReq) error {
 		}
 	}
 
+	if strings.TrimSpace(req.PrivateKeyPasswd) != "" {
+		if err := os.WriteFile(WiFiPrivateKeyPasswd, []byte(req.PrivateKeyPasswd), 0o600); err != nil {
+			log.Errorf("failed to save enterprise wifi file %s: %s", WiFiPrivateKeyPasswd, err)
+			return err
+		}
+	} else if req.EAP != "TLS" {
+		_ = os.Remove(WiFiPrivateKeyPasswd)
+	}
+
 	return nil
 }
 
@@ -294,6 +513,9 @@ func removeEnterpriseWiFiFiles() {
 		WiFiPhase2,
 		WiFiAnonymousIdentity,
 		WiFiCACert,
+		WiFiClientCert,
+		WiFiPrivateKey,
+		WiFiPrivateKeyPasswd,
 		WiFiDomainSuffixMatch,
 	} {
 		_ = os.Remove(path)
diff --git a/web/src/api/network.ts b/web/src/api/network.ts
index c27e0d30..b0805eab 100644
--- a/web/src/api/network.ts
+++ b/web/src/api/network.ts
@@ -2,14 +2,42 @@ import { http } from '@/lib/http.ts';
 
 export type DNSMode = 'manual' | 'dhcp';
 export type WiFiSecurityMode = 'psk' | 'enterprise';
+export type EthernetSecurityMode = 'off' | 'enterprise';
+export type EthernetIPMode = 'manual' | 'dhcp';
+export type WiFiIPMode = EthernetIPMode;
 
 export type ConnectWifiOptions = {
   mode?: WiFiSecurityMode;
+  ipMode?: WiFiIPMode;
+  address?: string;
+  subnetMask?: string;
+  gateway?: string;
   identity?: string;
   eap?: string;
   phase2?: string;
   anonymousIdentity?: string;
   caCert?: string;
+  clientCert?: string;
+  privateKey?: string;
+  privateKeyPasswd?: string;
+  domainSuffixMatch?: string;
+};
+
+export type Ethernet8021XOptions = {
+  mode?: EthernetSecurityMode;
+  ipMode?: EthernetIPMode;
+  address?: string;
+  subnetMask?: string;
+  gateway?: string;
+  password?: string;
+  identity?: string;
+  eap?: string;
+  phase2?: string;
+  anonymousIdentity?: string;
+  caCert?: string;
+  clientCert?: string;
+  privateKey?: string;
+  privateKeyPasswd?: string;
   domainSuffixMatch?: string;
 };
 
@@ -90,6 +118,14 @@ export function disconnectWifi() {
   return http.post('/api/network/wifi/disconnect');
 }
 
+export function getEthernet() {
+  return http.get('/api/network/ethernet');
+}
+
+export function setEthernet(options: Ethernet8021XOptions = {}) {
+  return http.post('/api/network/ethernet', options);
+}
+
 export function getDNS() {
   return http.get('/api/network/dns');
 }
diff --git a/web/src/i18n/locales/en.ts b/web/src/i18n/locales/en.ts
index 7148c5a9..64f0efd3 100644
--- a/web/src/i18n/locales/en.ts
+++ b/web/src/i18n/locales/en.ts
@@ -375,14 +375,58 @@ const en = {
           connect: 'Join Wi-Fi',
           connectDesc1: 'Please enter the network ssid and password',
           connectDesc2: 'Please enter the password to join this network',
+          ipConfig: 'IP configuration',
+          ipConfigDescription: 'Choose DHCP or set a static address for this Wi-Fi connection',
           disconnect: 'Are you sure to disconnect the network?',
           failed: 'Connection failed, please try again.',
           ssid: 'Name',
           password: 'Password',
+          security: 'Security',
+          personal: 'Personal / WPA-PSK',
+          enterprise: 'Enterprise / 802.1X',
+          identity: 'Identity / Username',
+          authentication: 'Authentication',
+          innerAuthentication: 'Inner authentication',
+          anonymousIdentity: 'Anonymous identity (optional)',
+          caCert: 'CA certificate path (optional)',
+          domainSuffixMatch: 'Domain suffix match (optional)',
+          clientCert: 'Client certificate path',
+          privateKey: 'Private key path',
+          privateKeyPasswd: 'Private key password (optional)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certificate)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
           joinBtn: 'Join',
           confirmBtn: 'Ok',
           cancelBtn: 'Cancel'
         },
+        ethernet: {
+          title: 'Ethernet',
+          description: 'Configure IP settings and optional 802.1X authentication',
+          connect: 'Configure Ethernet',
+          connectDesc: 'Set IP configuration for {{iface}} and enable 802.1X if your network requires it',
+          ipConfig: 'IP configuration',
+          ipConfigDescription: 'Choose DHCP or set a static address for this wired interface',
+          authTitle: '802.1X authentication',
+          authDescription: 'Enable this only if your wired network requires username, password, or certificate authentication',
+          addressPlaceholder: 'Static IP address (e.g. 192.168.1.10)',
+          gatewayPlaceholder: 'Gateway (optional)',
+          passwordUnchanged: 'No change',
+          privateKeyPasswdUnchanged: 'No change',
+          off: 'Disabled',
+          enterprise: 'Enterprise / 802.1X',
+          active: '802.1X enabled',
+          inactive: '802.1X configured, waiting for authentication',
+          failed: 'Failed to configure Ethernet 802.1X, please try again.'
+        },
         tls: {
           description: 'Enable HTTPS protocol',
           tip: 'Be aware: Using HTTPS can increase latency, especially with MJPEG video mode.'
@@ -406,9 +450,14 @@ const en = {
           manualServersDescription: 'DNS servers can be edited manually',
           networkDetails: 'Network Details',
           interface: 'Interface',
+          wired: 'Wired',
+          wireless: 'Wireless',
           ipAddress: 'IP Address',
           subnetMask: 'Subnet Mask',
           router: 'Router',
+          signalStrength: 'Signal Strength',
+          rxRate: 'Receive Rate',
+          txRate: 'Transmit Rate',
           none: 'None'
         }
       },
diff --git a/web/src/i18n/locales/zh.ts b/web/src/i18n/locales/zh.ts
index f11277be..e6ec1a62 100644
--- a/web/src/i18n/locales/zh.ts
+++ b/web/src/i18n/locales/zh.ts
@@ -367,14 +367,58 @@ const zh = {
           connect: '连接 Wi-Fi',
           connectDesc1: '请输入网络名称和密码',
           connectDesc2: '请输入密码以连接此网络',
+          ipConfig: 'IP 配置',
+          ipConfigDescription: '为此 Wi-Fi 连接选择 DHCP 或设置静态地址',
           disconnect: '是否要断开该网络连接？',
           failed: '连接失败，请重试',
           ssid: '名称',
           password: '密码',
+          security: '安全性',
+          personal: '个人 / WPA-PSK',
+          enterprise: '企业 / 802.1X',
+          identity: '身份 / 用户名',
+          authentication: '认证方式',
+          innerAuthentication: '内部认证',
+          anonymousIdentity: '匿名身份（可选）',
+          caCert: 'CA 证书路径（可选）',
+          domainSuffixMatch: '域名后缀匹配（可选）',
+          clientCert: '客户端证书路径',
+          privateKey: '私钥路径',
+          privateKeyPasswd: '私钥密码（可选）',
+          eapPeap: '受保护的 EAP (PEAP)',
+          eapTtls: '隧道 TLS (TTLS)',
+          eapTls: 'TLS（证书）',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
           joinBtn: '加入',
           confirmBtn: '确定',
           cancelBtn: '取消'
         },
+        ethernet: {
+          title: '有线网络',
+          description: '配置 IP 信息和可选的 802.1X 认证',
+          connect: '配置有线网络',
+          connectDesc: '为 {{iface}} 配置 IP 信息，并在需要时启用 802.1X 认证',
+          ipConfig: 'IP 配置',
+          ipConfigDescription: '为此有线接口选择 DHCP 或设置静态地址',
+          authTitle: '802.1X 认证',
+          authDescription: '仅当你的有线网络需要用户名、密码或证书认证时才启用',
+          addressPlaceholder: '静态 IP 地址（例如 192.168.1.10）',
+          gatewayPlaceholder: '网关（可选）',
+          passwordUnchanged: '不修改',
+          privateKeyPasswdUnchanged: '不修改',
+          off: '已禁用',
+          enterprise: '企业 / 802.1X',
+          active: '802.1X 已启用',
+          inactive: '802.1X 已配置，等待认证',
+          failed: '配置有线网络 802.1X 失败，请重试。'
+        },
         tls: {
           description: '启用 HTTPS 协议',
           tip: '注意：使用 HTTPS 可能导致延迟增加，特别是在 MJPEG 视频模式下。'
@@ -398,9 +442,14 @@ const zh = {
           manualServersDescription: 'DNS 服务器可以手动编辑',
           networkDetails: '网络详情',
           interface: '接口',
+          wired: '有线',
+          wireless: '无线',
           ipAddress: 'IP 地址',
           subnetMask: '子网掩码',
           router: '路由器',
+          signalStrength: '信号强度',
+          rxRate: '接收速率',
+          txRate: '发送速率',
           none: '无'
         }
       },
diff --git a/web/src/i18n/locales/zh_tw.ts b/web/src/i18n/locales/zh_tw.ts
index e2aa1bf5..5faf8081 100644
--- a/web/src/i18n/locales/zh_tw.ts
+++ b/web/src/i18n/locales/zh_tw.ts
@@ -367,14 +367,58 @@ const zh_tw = {
           connect: '連線 Wi-Fi',
           connectDesc1: '請輸入網路名稱和密碼',
           connectDesc2: '請輸入密碼以連線此網路',
+          ipConfig: 'IP 設定',
+          ipConfigDescription: '為此 Wi-Fi 連線選擇 DHCP 或設定靜態位址',
           disconnect: '是否要中斷該網路連線？',
           failed: '連線失敗，請重試',
           ssid: 'SSID 名稱',
           password: '密碼',
+          security: '安全性',
+          personal: '個人 / WPA-PSK',
+          enterprise: '企業 / 802.1X',
+          identity: '身分 / 使用者名稱',
+          authentication: '認證方式',
+          innerAuthentication: '內部認證',
+          anonymousIdentity: '匿名身分（選填）',
+          caCert: 'CA 憑證路徑（選填）',
+          domainSuffixMatch: '網域後綴比對（選填）',
+          clientCert: '用戶端憑證路徑',
+          privateKey: '私鑰路徑',
+          privateKeyPasswd: '私鑰密碼（選填）',
+          eapPeap: '受保護的 EAP (PEAP)',
+          eapTtls: '通道 TLS (TTLS)',
+          eapTls: 'TLS（憑證）',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
           joinBtn: '加入',
           confirmBtn: '確定',
           cancelBtn: '取消'
         },
+        ethernet: {
+          title: '有線網路',
+          description: '設定 IP 資訊與可選的 802.1X 驗證',
+          connect: '設定有線網路',
+          connectDesc: '為 {{iface}} 設定 IP 資訊，並在需要時啟用 802.1X 驗證',
+          ipConfig: 'IP 設定',
+          ipConfigDescription: '為此有線介面選擇 DHCP 或設定靜態位址',
+          authTitle: '802.1X 驗證',
+          authDescription: '僅在你的有線網路需要使用者名稱、密碼或憑證驗證時啟用',
+          addressPlaceholder: '靜態 IP 位址（例如 192.168.1.10）',
+          gatewayPlaceholder: '閘道（可選）',
+          passwordUnchanged: '不變更',
+          privateKeyPasswdUnchanged: '不變更',
+          off: '已停用',
+          enterprise: '企業 / 802.1X',
+          active: '802.1X 已啟用',
+          inactive: '802.1X 已設定，等待驗證',
+          failed: '設定有線網路 802.1X 失敗，請重試。'
+        },
         tls: {
           description: '啟用 HTTPS 協議',
           tip: '啟用 HTTPS 可以提高安全性，但可能會增加傳輸延遲，特別是使用 MJPEG 格式傳輸時。'
@@ -398,9 +442,14 @@ const zh_tw = {
           manualServersDescription: 'DNS 伺服器可以手動編輯',
           networkDetails: '網路詳細資訊',
           interface: '介面',
+          wired: '有線',
+          wireless: '無線',
           ipAddress: 'IP 位址',
           subnetMask: '子網路遮罩',
           router: '路由器',
+          signalStrength: '訊號強度',
+          rxRate: '接收速率',
+          txRate: '傳送速率',
           none: '無'
         }
       },
diff --git a/web/src/pages/desktop/menu/settings/network/dns.tsx b/web/src/pages/desktop/menu/settings/network/dns.tsx
index 399c7321..5ec5c549 100644
--- a/web/src/pages/desktop/menu/settings/network/dns.tsx
+++ b/web/src/pages/desktop/menu/settings/network/dns.tsx
@@ -11,26 +11,10 @@ type DNSState = {
   mode: DNSMode;
   servers: string[];
   dhcp: string[];
-  info: DNSInfo;
-};
-
-type DNSInfo = {
-  interface?: string;
-  type?: string;
-  address?: string;
-  subnetMask?: string;
-  gateway?: string;
 };
 
 const maxServers = 6;
 
-function formatInterface(info: DNSInfo) {
-  if (!info.interface) return '';
-  if (!info.type) return info.interface;
-
-  return `${info.type} (${info.interface})`;
-}
-
 function normalizeServers(servers: string[]) {
   const seen = new Set<string>();
   const normalized: string[] = [];
@@ -100,31 +84,6 @@ const Panel = ({
   );
 };
 
-const InfoRow = ({
-  label,
-  value,
-  isLast = false
-}: {
-  label: string;
-  value?: string;
-  isLast?: boolean;
-}) => {
-  return (
-    <div className="px-4">
-      <div
-        className={`flex min-h-[44px] items-center justify-between ${
-          isLast ? '' : 'border-b border-neutral-700/50'
-        }`}
-      >
-        <span className="text-sm text-neutral-300">{label}</span>
-        <span className="max-w-[330px] break-all text-right text-sm text-neutral-500">
-          {value || '-'}
-        </span>
-      </div>
-    </div>
-  );
-};
-
 const ServerList = ({ servers }: { servers: string[] }) => {
   const { t } = useTranslation();
 
@@ -202,7 +161,6 @@ export const DNS = () => {
   const [servers, setServers] = useState<string[]>([]);
   const [originalServers, setOriginalServers] = useState<string[]>([]);
   const [dhcp, setDHCP] = useState<string[]>([]);
-  const [info, setInfo] = useState<DNSInfo>({});
 
   const [isLoading, setIsLoading] = useState(false);
   const [isSaving, setIsSaving] = useState(false);
@@ -233,7 +191,6 @@ export const DNS = () => {
       setServers(fetchedServers);
       setOriginalServers(fetchedServers);
       setDHCP(data.dhcp || []);
-      setInfo(data.info || {});
     } catch (err) {
       console.log(err);
     } finally {
@@ -347,74 +304,63 @@ export const DNS = () => {
         />
       </div>
 
-      <div className="space-y-5">
-        <Panel title={t('settings.network.dns.networkDetails')}>
-          <InfoRow label={t('settings.network.dns.interface')} value={formatInterface(info)} />
-          <InfoRow label={t('settings.network.dns.ipAddress')} value={info.address} />
-          <InfoRow label={t('settings.network.dns.subnetMask')} value={info.subnetMask} />
-          <InfoRow label={t('settings.network.dns.router')} value={info.gateway} isLast />
-        </Panel>
-
-        <Panel title={t('settings.network.dns.dnsServers')} description={serversDescription}>
-          {mode === 'manual' ? (
-            <div>
-              {servers.length === 0 ? (
-                <div className="px-4 py-3 text-sm text-neutral-500">
-                  {t('settings.network.dns.none')}
-                </div>
-              ) : (
-                servers.map((server, index) => (
-                  <EditableServerRow
-                    key={index}
-                    value={server}
-                    autoFocus={focusNewRow && index === servers.length - 1}
-                    onChange={(val) => updateServer(index, val)}
-                    onRemove={() => removeServer(index)}
+      <Panel title={t('settings.network.dns.dnsServers')} description={serversDescription}>
+        {mode === 'manual' ? (
+          <div>
+            {servers.length === 0 ? (
+              <div className="px-4 py-3 text-sm text-neutral-500">
+                {t('settings.network.dns.none')}
+              </div>
+            ) : (
+              servers.map((server, index) => (
+                <EditableServerRow
+                  key={index}
+                  value={server}
+                  autoFocus={focusNewRow && index === servers.length - 1}
+                  onChange={(val) => updateServer(index, val)}
+                  onRemove={() => removeServer(index)}
+                />
+              ))
+            )}
+
+            {canAdd && (
+              <div className="px-4 py-1.5 pb-3">
+                <div className="flex items-center gap-2">
+                  <Button
+                    type="dashed"
+                    className="flex-1"
+                    icon={<PlusIcon size={14} />}
+                    onClick={addServer}
+                  >
+                    {t('settings.network.dns.add')}
+                  </Button>
+                  <Button
+                    type="text"
+                    size="small"
+                    className="invisible shrink-0"
+                    icon={<XIcon size={14} />}
                   />
-                ))
-              )}
-
-              {/* Add server button */}
-              {canAdd && (
-                <div className="px-4 py-1.5 pb-3">
-                  <div className="flex items-center gap-2">
-                    <Button
-                      type="dashed"
-                      className="flex-1"
-                      icon={<PlusIcon size={14} />}
-                      onClick={addServer}
-                    >
-                      {t('settings.network.dns.add')}
-                    </Button>
-                    <Button
-                      type="text"
-                      size="small"
-                      className="invisible shrink-0"
-                      icon={<XIcon size={14} />}
-                    />
-                  </div>
                 </div>
-              )}
-
-              {/* Validation hints */}
-              {(hasInvalidServer || isExceedMax) && (
-                <div className="space-y-1 px-4 pb-3">
-                  {hasInvalidServer && (
-                    <div className="text-xs text-red-400">{t('settings.network.dns.invalid')}</div>
-                  )}
-                  {isExceedMax && (
-                    <div className="text-xs text-red-400">
-                      {t('settings.network.dns.maxServers', { count: maxServers })}
-                    </div>
-                  )}
-                </div>
-              )}
-            </div>
-          ) : (
-            <ServerList servers={dhcp} />
-          )}
-        </Panel>
-      </div>
+              </div>
+            )}
+
+            {(hasInvalidServer || isExceedMax) && (
+              <div className="space-y-1 px-4 pb-3">
+                {hasInvalidServer && (
+                  <div className="text-xs text-red-400">{t('settings.network.dns.invalid')}</div>
+                )}
+                {isExceedMax && (
+                  <div className="text-xs text-red-400">
+                    {t('settings.network.dns.maxServers', { count: maxServers })}
+                  </div>
+                )}
+              </div>
+            )}
+          </div>
+        ) : (
+          <ServerList servers={dhcp} />
+        )}
+      </Panel>
 
       {/* Footer: status + save button */}
       {(hasChanges || statusText) && (
diff --git a/web/src/pages/desktop/menu/settings/network/ethernet.tsx b/web/src/pages/desktop/menu/settings/network/ethernet.tsx
new file mode 100644
index 00000000..6ea36e72
--- /dev/null
+++ b/web/src/pages/desktop/menu/settings/network/ethernet.tsx
@@ -0,0 +1,413 @@
+import { useEffect, useState } from 'react';
+import { ApiOutlined, LockOutlined, UserOutlined } from '@ant-design/icons';
+import { Button, Input, Modal, Segmented, Select, Switch } from 'antd';
+import { useTranslation } from 'react-i18next';
+
+import * as api from '@/api/network.ts';
+import type { EthernetIPMode, EthernetSecurityMode } from '@/api/network.ts';
+
+type EAPMethod = 'PEAP' | 'TTLS' | 'TLS' | 'PWD' | 'LEAP';
+
+const getDefaultPhase2 = (eap: EAPMethod) => {
+  if (eap === 'PEAP' || eap === 'TTLS') return 'auth=MSCHAPV2';
+  return '';
+};
+
+const getEapOptions = (t: (key: string) => string) => [
+  { value: 'PEAP', label: t('settings.network.wifi.eapPeap') },
+  { value: 'TTLS', label: t('settings.network.wifi.eapTtls') },
+  { value: 'TLS', label: t('settings.network.wifi.eapTls') },
+  { value: 'PWD', label: t('settings.network.wifi.eapPwd') },
+  { value: 'LEAP', label: t('settings.network.wifi.eapLeap') }
+];
+
+const getInnerAuthOptions = (eap: EAPMethod, t: (key: string) => string) => {
+  const peapInnerAuthOptions = [
+    { value: 'auth=MSCHAPV2', label: t('settings.network.wifi.authMschapv2') },
+    { value: 'auth=GTC', label: t('settings.network.wifi.authGtc') },
+    { value: 'auth=MD5', label: t('settings.network.wifi.authMd5') }
+  ];
+  const ttlsInnerAuthOptions = [
+    { value: 'auth=MSCHAPV2', label: t('settings.network.wifi.authMschapv2') },
+    { value: 'auth=MSCHAP', label: t('settings.network.wifi.authMschap') },
+    { value: 'auth=CHAP', label: t('settings.network.wifi.authChap') },
+    { value: 'auth=PAP', label: t('settings.network.wifi.authPap') }
+  ];
+  if (eap === 'PEAP') return peapInnerAuthOptions;
+  if (eap === 'TTLS') return ttlsInnerAuthOptions;
+  return [];
+};
+
+const usesPassword = (eap: EAPMethod) => eap !== 'TLS';
+const usesInnerAuth = (eap: EAPMethod) => eap === 'PEAP' || eap === 'TTLS';
+
+function isValidIPv4(value: string) {
+  const parts = value.split('.');
+  if (parts.length !== 4) return false;
+
+  return parts.every((part) => {
+    if (!/^\d+$/.test(part)) return false;
+    if (part.length > 1 && part.startsWith('0')) return false;
+
+    const number = Number(part);
+    return number >= 0 && number <= 255;
+  });
+}
+
+function isValidSubnetMask(value: string) {
+  const parts = value.split('.');
+  if (parts.length !== 4) return false;
+
+  const bytes = parts.map((part) => {
+    if (!/^\d+$/.test(part)) return NaN;
+    const number = Number(part);
+    if (number < 0 || number > 255) return NaN;
+    return number;
+  });
+  if (bytes.some(Number.isNaN)) return false;
+
+  const mask = bytes
+    .map((byte) => byte.toString(2).padStart(8, '0'))
+    .join('');
+  if (!/^1*0*$/.test(mask)) return false;
+
+  const ones = mask.indexOf('0') === -1 ? 32 : mask.indexOf('0');
+  return ones >= 1 && ones <= 32;
+}
+
+export const Ethernet = () => {
+  const { t } = useTranslation();
+
+  const [configured, setConfigured] = useState(false);
+  const [connected, setConnected] = useState(false);
+  const [iface, setIface] = useState('eth0');
+
+  const [isModalOpen, setIsModalOpen] = useState(false);
+  const [mode, setMode] = useState<EthernetSecurityMode>('off');
+  const [ipMode, setIPMode] = useState<EthernetIPMode>('dhcp');
+  const [address, setAddress] = useState('');
+  const [subnetMask, setSubnetMask] = useState('');
+  const [gateway, setGateway] = useState('');
+  const [password, setPassword] = useState('');
+  const [passwordSet, setPasswordSet] = useState(false);
+  const [identity, setIdentity] = useState('');
+  const [eap, setEap] = useState<EAPMethod>('PEAP');
+  const [phase2, setPhase2] = useState('auth=MSCHAPV2');
+  const [anonymousIdentity, setAnonymousIdentity] = useState('');
+  const [caCert, setCaCert] = useState('');
+  const [clientCert, setClientCert] = useState('');
+  const [privateKey, setPrivateKey] = useState('');
+  const [privateKeyPasswd, setPrivateKeyPasswd] = useState('');
+  const [privateKeyPasswdSet, setPrivateKeyPasswdSet] = useState(false);
+  const [domainSuffixMatch, setDomainSuffixMatch] = useState('');
+  const [status, setStatus] = useState<'' | 'saving'>('');
+  const [message, setMessage] = useState('');
+
+  useEffect(() => {
+    getEthernet();
+  }, []);
+
+  async function getEthernet() {
+    try {
+      const rsp = await api.getEthernet();
+      if (rsp.code !== 0) return;
+
+      setConfigured(!!rsp.data?.configured);
+      setConnected(!!rsp.data?.connected);
+      setIface(rsp.data?.interface || 'eth0');
+      setMode(rsp.data?.mode === 'enterprise' ? 'enterprise' : 'off');
+      setIPMode(rsp.data?.ipMode === 'manual' ? 'manual' : 'dhcp');
+      setAddress(rsp.data?.address || '');
+      setSubnetMask(rsp.data?.subnetMask || '');
+      setGateway(rsp.data?.gateway || '');
+      setPassword('');
+      setPasswordSet(!!rsp.data?.passwordSet);
+      setIdentity(rsp.data?.identity || '');
+      setEap((rsp.data?.eap as EAPMethod) || 'PEAP');
+      setPhase2(rsp.data?.phase2 || 'auth=MSCHAPV2');
+      setAnonymousIdentity(rsp.data?.anonymousIdentity || '');
+      setCaCert(rsp.data?.caCert || '');
+      setClientCert(rsp.data?.clientCert || '');
+      setPrivateKey(rsp.data?.privateKey || '');
+      setPrivateKeyPasswd('');
+      setPrivateKeyPasswdSet(!!rsp.data?.privateKeyPasswdSet);
+      setDomainSuffixMatch(rsp.data?.domainSuffixMatch || '');
+    } catch {
+      /* empty */
+    }
+  }
+
+  async function save() {
+    setMessage('');
+
+    if (mode === 'enterprise' && !identity) return;
+    if (mode === 'enterprise' && usesPassword(eap) && !password && !passwordSet) return;
+    if (mode === 'enterprise' && eap === 'TLS' && (!clientCert || !privateKey)) return;
+    if (ipMode === 'manual' && !isValidIPv4(address)) return;
+    if (ipMode === 'manual' && !subnetMask) return;
+    if (ipMode === 'manual' && !isValidSubnetMask(subnetMask)) return;
+    if (ipMode === 'manual' && gateway && !isValidIPv4(gateway)) return;
+    if (status !== '') return;
+
+    setStatus('saving');
+
+    try {
+      const rsp = await api.setEthernet({
+        mode,
+        ipMode,
+        address,
+        subnetMask,
+        gateway,
+        password,
+        identity,
+        eap,
+        phase2,
+        anonymousIdentity,
+        caCert,
+        clientCert,
+        privateKey,
+        privateKeyPasswd,
+        domainSuffixMatch
+      });
+      if (rsp.code !== 0) {
+        setMessage(t('settings.network.ethernet.failed'));
+        await getEthernet();
+        return;
+      }
+
+      setConfigured(mode === 'enterprise');
+      setIsModalOpen(false);
+      await getEthernet();
+    } finally {
+      setStatus('');
+    }
+  }
+
+  function openModal() {
+    setPassword('');
+    setPrivateKeyPasswd('');
+    setMessage('');
+    setIsModalOpen(true);
+  }
+
+  function closeModal() {
+    if (status !== '') return;
+    setIsModalOpen(false);
+  }
+
+  function changeEap(value: EAPMethod) {
+    setEap(value);
+    setPhase2(getDefaultPhase2(value));
+    if (value === 'TLS') {
+      setPassword('');
+    }
+  }
+
+  const statusText = configured
+    ? connected
+      ? t('settings.network.ethernet.active')
+      : t('settings.network.ethernet.inactive')
+    : t('settings.network.ethernet.description');
+  const enterpriseEnabled = mode === 'enterprise';
+
+  return (
+    <>
+      <div className="flex items-center justify-between">
+        <div className="flex flex-col space-y-1">
+          <span>{t('settings.network.ethernet.title')}</span>
+          <span className="text-xs text-neutral-500">{statusText}</span>
+        </div>
+
+        <Button
+          type="default"
+          shape="round"
+          size="small"
+          onClick={openModal}
+        >
+          <div className={`flex items-center justify-center px-1.5 ${connected ? 'text-blue-400' : ''}`}>
+            <ApiOutlined />
+          </div>
+        </Button>
+      </div>
+
+      <Modal
+        closable={false}
+        open={isModalOpen}
+        centered={true}
+        onOk={save}
+        onCancel={closeModal}
+        okText={t('settings.network.wifi.joinBtn')}
+        cancelText={t('settings.network.wifi.cancelBtn')}
+        confirmLoading={status === 'saving'}
+      >
+        <div className="flex items-center space-x-5">
+          <div className="flex h-[64px] w-[64px] items-center justify-center text-[56px] text-blue-400">
+            <ApiOutlined />
+          </div>
+
+          <div className="flex flex-col">
+            <span className="text-lg font-bold">{t('settings.network.ethernet.connect')}</span>
+            <span className="text-xs text-neutral-400">
+              {t('settings.network.ethernet.connectDesc', { iface })}
+            </span>
+          </div>
+        </div>
+
+        <div className="flex flex-col items-center space-y-4 py-6">
+          <div className="flex w-[300px] flex-col gap-3">
+            <div className="flex flex-col gap-0.5">
+              <span className="text-sm font-medium">{t('settings.network.ethernet.ipConfig')}</span>
+              <span className="text-xs text-neutral-500">
+                {t('settings.network.ethernet.ipConfigDescription')}
+              </span>
+            </div>
+            <Segmented
+              block
+              value={ipMode}
+              options={[
+                { label: t('settings.network.dns.dhcp'), value: 'dhcp' },
+                { label: t('settings.network.dns.manual'), value: 'manual' }
+              ]}
+              onChange={(value) => setIPMode(value as EthernetIPMode)}
+            />
+
+            {ipMode === 'manual' && (
+              <div className="space-y-3 pt-1">
+                <Input
+                  value={address}
+                  placeholder={t('settings.network.ethernet.addressPlaceholder')}
+                  onChange={(e) => setAddress(e.target.value)}
+                  status={address !== '' && !isValidIPv4(address) ? 'error' : undefined}
+                />
+                <Input
+                  value={subnetMask}
+                  placeholder="255.255.255.0"
+                  onChange={(e) => setSubnetMask(e.target.value)}
+                  status={subnetMask !== '' && !isValidSubnetMask(subnetMask) ? 'error' : undefined}
+                />
+                <Input
+                  value={gateway}
+                  placeholder={t('settings.network.ethernet.gatewayPlaceholder')}
+                  onChange={(e) => setGateway(e.target.value)}
+                  status={gateway !== '' && !isValidIPv4(gateway) ? 'error' : undefined}
+                />
+              </div>
+            )}
+          </div>
+
+          <div className="h-px w-[300px] bg-neutral-800/80" />
+
+          <div className="flex w-[300px] items-center justify-between gap-3">
+            <div className="flex flex-col gap-0.5">
+              <span className="text-sm font-medium">{t('settings.network.ethernet.authTitle')}</span>
+              <span className="text-xs text-neutral-500">
+                {t('settings.network.ethernet.authDescription')}
+              </span>
+            </div>
+            <Switch
+              checked={enterpriseEnabled}
+              loading={status === 'saving'}
+              onChange={(enabled) => {
+                if (!enabled) {
+                  setMode('off');
+                  return;
+                }
+                setMode('enterprise');
+                if (!identity) setIdentity('');
+                if (!eap) setEap('PEAP');
+                if (!phase2) setPhase2('auth=MSCHAPV2');
+              }}
+            />
+          </div>
+
+          {enterpriseEnabled && (
+            <>
+              <Input
+                value={identity}
+                style={{ width: '300px' }}
+                prefix={<UserOutlined />}
+                placeholder={t('settings.network.wifi.identity')}
+                onChange={(e) => setIdentity(e.target.value)}
+              />
+              {usesPassword(eap) && (
+                <Input.Password
+                  value={password}
+                  style={{ width: '300px' }}
+                  prefix={<LockOutlined />}
+                  placeholder={
+                    passwordSet
+                      ? t('settings.network.ethernet.passwordUnchanged')
+                      : t('settings.network.wifi.password')
+                  }
+                  onChange={(e) => setPassword(e.target.value)}
+                />
+              )}
+              <Select
+                value={eap}
+                style={{ width: '300px' }}
+                options={getEapOptions(t)}
+                placeholder={t('settings.network.wifi.authentication')}
+                onChange={changeEap}
+              />
+              {usesInnerAuth(eap) && (
+                <Select
+                  value={phase2}
+                  style={{ width: '300px' }}
+                  options={getInnerAuthOptions(eap, t)}
+                  placeholder={t('settings.network.wifi.innerAuthentication')}
+                  onChange={setPhase2}
+                />
+              )}
+              <Input
+                value={anonymousIdentity}
+                style={{ width: '300px' }}
+                placeholder={t('settings.network.wifi.anonymousIdentity')}
+                onChange={(e) => setAnonymousIdentity(e.target.value)}
+              />
+              {eap === 'TLS' && (
+                <>
+                  <Input
+                    value={clientCert}
+                    style={{ width: '300px' }}
+                    placeholder={t('settings.network.wifi.clientCert')}
+                    onChange={(e) => setClientCert(e.target.value)}
+                  />
+                  <Input
+                    value={privateKey}
+                    style={{ width: '300px' }}
+                    placeholder={t('settings.network.wifi.privateKey')}
+                    onChange={(e) => setPrivateKey(e.target.value)}
+                  />
+                  <Input.Password
+                    value={privateKeyPasswd}
+                    style={{ width: '300px' }}
+                    placeholder={
+                      privateKeyPasswdSet
+                        ? t('settings.network.ethernet.privateKeyPasswdUnchanged')
+                        : t('settings.network.wifi.privateKeyPasswd')
+                    }
+                    onChange={(e) => setPrivateKeyPasswd(e.target.value)}
+                  />
+                </>
+              )}
+              <Input
+                value={caCert}
+                style={{ width: '300px' }}
+                placeholder={t('settings.network.wifi.caCert')}
+                onChange={(e) => setCaCert(e.target.value)}
+              />
+              <Input
+                value={domainSuffixMatch}
+                style={{ width: '300px' }}
+                placeholder={t('settings.network.wifi.domainSuffixMatch')}
+                onChange={(e) => setDomainSuffixMatch(e.target.value)}
+              />
+            </>
+          )}
+
+          {!!message && <span className="text-sm text-red-500">{message}</span>}
+        </div>
+      </Modal>
+    </>
+  );
+};
diff --git a/web/src/pages/desktop/menu/settings/network/index.tsx b/web/src/pages/desktop/menu/settings/network/index.tsx
index a85fd1cc..07d25f81 100644
--- a/web/src/pages/desktop/menu/settings/network/index.tsx
+++ b/web/src/pages/desktop/menu/settings/network/index.tsx
@@ -2,6 +2,8 @@ import { Divider } from 'antd';
 import { useTranslation } from 'react-i18next';
 
 import { DNS } from './dns.tsx';
+import { Ethernet } from './ethernet.tsx';
+import { NetworkDetails } from './network-details.tsx';
 import { Tls } from './tls.tsx';
 import { Wifi } from './wifi.tsx';
 
@@ -15,7 +17,9 @@ export const Network = () => {
 
       <div className="flex flex-col space-y-8">
         <Tls />
+        <Ethernet />
         <Wifi />
+        <NetworkDetails />
       </div>
 
       <Divider className="opacity-50" style={{ margin: '32px 0' }} />
diff --git a/web/src/pages/desktop/menu/settings/network/network-details.tsx b/web/src/pages/desktop/menu/settings/network/network-details.tsx
new file mode 100644
index 00000000..44eec050
--- /dev/null
+++ b/web/src/pages/desktop/menu/settings/network/network-details.tsx
@@ -0,0 +1,153 @@
+import { useEffect, useState } from 'react';
+import { useTranslation } from 'react-i18next';
+
+import * as api from '@/api/network.ts';
+
+type NetworkInfo = {
+  interface?: string;
+  type?: string;
+  address?: string;
+  subnetMask?: string;
+  gateway?: string;
+  signal?: string;
+  rxRate?: string;
+  txRate?: string;
+};
+
+type NetworkDetailsData = {
+  info?: NetworkInfo;
+  infos?: NetworkInfo[];
+};
+
+function formatInterfaceType(type: string | undefined, t: (key: string) => string) {
+  const translate = t as unknown as (key: string, options?: { defaultValue?: string }) => string;
+  switch ((type || '').toLowerCase()) {
+    case 'wired':
+      return translate('settings.network.dns.wired', { defaultValue: 'Wired' });
+    case 'wireless':
+      return translate('settings.network.dns.wireless', { defaultValue: 'Wireless' });
+    default:
+      return type || '';
+  }
+}
+
+function isWireless(info: NetworkInfo) {
+  return (info.type || '').toLowerCase() === 'wireless';
+}
+
+function formatInterface(info: NetworkInfo, t: (key: string) => string) {
+  if (!info.interface) return '';
+  const type = formatInterfaceType(info.type, t);
+  if (!type) return info.interface;
+
+  return `${type} (${info.interface})`;
+}
+
+const InfoRow = ({
+  label,
+  value,
+  isLast = false
+}: {
+  label: string;
+  value?: string;
+  isLast?: boolean;
+}) => {
+  return (
+    <div
+      className={`flex min-h-[44px] items-center justify-between px-4 ${
+        isLast ? '' : 'border-b border-neutral-700/50'
+      }`}
+    >
+      <span className="text-sm text-neutral-300">{label}</span>
+      <span className="max-w-[330px] break-all text-right text-sm text-neutral-500">
+        {value || '-'}
+      </span>
+    </div>
+  );
+};
+
+const WirelessRow = ({ label, value }: { label: string; value?: string }) => {
+  if (!value) return null;
+
+  return <InfoRow label={label} value={value} />;
+};
+
+const NetworkCard = ({ info, isLast = false }: { info: NetworkInfo; isLast?: boolean }) => {
+  const { t } = useTranslation();
+
+  return (
+    <div className={`overflow-hidden rounded-xl bg-neutral-800/50 ${isLast ? '' : 'mb-3'}`}>
+      <div className="px-4 pb-1.5 pt-3">
+        <div className="font-semibold text-neutral-100">{formatInterface(info, t) || '-'}</div>
+      </div>
+      <div>
+        <InfoRow label={t('settings.network.dns.ipAddress')} value={info.address} />
+        <InfoRow label={t('settings.network.dns.subnetMask')} value={info.subnetMask} />
+        <InfoRow label={t('settings.network.dns.router')} value={info.gateway} isLast />
+        {isWireless(info) && (
+          <>
+            <WirelessRow
+              label={t('settings.network.dns.signalStrength', { defaultValue: 'Signal Strength' })}
+              value={info.signal}
+            />
+            <WirelessRow
+              label={t('settings.network.dns.rxRate', { defaultValue: 'Receive Rate' })}
+              value={info.rxRate}
+            />
+            <WirelessRow
+              label={t('settings.network.dns.txRate', { defaultValue: 'Transmit Rate' })}
+              value={info.txRate}
+            />
+          </>
+        )}
+      </div>
+    </div>
+  );
+};
+
+export const NetworkDetails = () => {
+  const { t } = useTranslation();
+  const [details, setDetails] = useState<NetworkInfo[]>([]);
+
+  useEffect(() => {
+    getNetworkDetails();
+  }, []);
+
+  async function getNetworkDetails() {
+    try {
+      const rsp = await api.getDNS();
+      if (rsp.code !== 0) return;
+
+      const data = rsp.data as NetworkDetailsData | undefined;
+      const infos = data?.infos?.length ? data.infos : data?.info ? [data.info] : [];
+      setDetails(infos);
+    } catch {
+      /* empty */
+    }
+  }
+
+  return (
+    <div className="overflow-hidden rounded-xl bg-neutral-800/50">
+      <div className="px-4 pb-1.5 pt-3">
+        <div className="font-semibold text-neutral-100">
+          {t('settings.network.dns.networkDetails')}
+        </div>
+      </div>
+      <div className="pb-3">
+        {details.length > 0 ? (
+          details.map((info, index) => (
+            <NetworkCard
+              key={`${info.interface}-${index}`}
+              info={info}
+              isLast={index === details.length - 1}
+            />
+          ))
+        ) : (
+          <div className="px-4 py-3 text-sm text-neutral-500">
+            {t('settings.network.dns.none')}
+          </div>
+        )}
+      </div>
+    </div>
+  );
+};
diff --git a/web/src/pages/desktop/menu/settings/network/wifi.tsx b/web/src/pages/desktop/menu/settings/network/wifi.tsx
index c835f7f8..00740571 100644
--- a/web/src/pages/desktop/menu/settings/network/wifi.tsx
+++ b/web/src/pages/desktop/menu/settings/network/wifi.tsx
@@ -1,11 +1,78 @@
 import { useEffect, useState } from 'react';
-import { LockOutlined, WifiOutlined } from '@ant-design/icons';
-import { Button, Input, Modal, Select, Switch } from 'antd';
+import { LockOutlined, UserOutlined, WifiOutlined } from '@ant-design/icons';
+import { Button, Input, Modal, Select, Segmented, Switch } from 'antd';
 import { WifiIcon, WifiPenIcon } from 'lucide-react';
 import { useTranslation } from 'react-i18next';
 
 import * as api from '@/api/network.ts';
-import type { WiFiSecurityMode } from '@/api/network.ts';
+import type { WiFiIPMode, WiFiSecurityMode } from '@/api/network.ts';
+
+type EAPMethod = 'PEAP' | 'TTLS' | 'TLS' | 'PWD' | 'LEAP';
+
+const getDefaultPhase2 = (eap: EAPMethod) => {
+  if (eap === 'PEAP' || eap === 'TTLS') return 'auth=MSCHAPV2';
+  return '';
+};
+
+const getEapOptions = (t: (key: string) => string) => [
+  { value: 'PEAP', label: t('settings.network.wifi.eapPeap') },
+  { value: 'TTLS', label: t('settings.network.wifi.eapTtls') },
+  { value: 'TLS', label: t('settings.network.wifi.eapTls') },
+  { value: 'PWD', label: t('settings.network.wifi.eapPwd') },
+  { value: 'LEAP', label: t('settings.network.wifi.eapLeap') }
+];
+
+const getInnerAuthOptions = (eap: EAPMethod, t: (key: string) => string) => {
+  const peapInnerAuthOptions = [
+    { value: 'auth=MSCHAPV2', label: t('settings.network.wifi.authMschapv2') },
+    { value: 'auth=GTC', label: t('settings.network.wifi.authGtc') },
+    { value: 'auth=MD5', label: t('settings.network.wifi.authMd5') }
+  ];
+  const ttlsInnerAuthOptions = [
+    { value: 'auth=MSCHAPV2', label: t('settings.network.wifi.authMschapv2') },
+    { value: 'auth=MSCHAP', label: t('settings.network.wifi.authMschap') },
+    { value: 'auth=CHAP', label: t('settings.network.wifi.authChap') },
+    { value: 'auth=PAP', label: t('settings.network.wifi.authPap') }
+  ];
+  if (eap === 'PEAP') return peapInnerAuthOptions;
+  if (eap === 'TTLS') return ttlsInnerAuthOptions;
+  return [];
+};
+
+const usesPassword = (eap: EAPMethod) => eap !== 'TLS';
+const usesInnerAuth = (eap: EAPMethod) => eap === 'PEAP' || eap === 'TTLS';
+
+function isValidIPv4(value: string) {
+  const parts = value.split('.');
+  if (parts.length !== 4) return false;
+
+  return parts.every((part) => {
+    if (!/^\d+$/.test(part)) return false;
+    if (part.length > 1 && part.startsWith('0')) return false;
+
+    const number = Number(part);
+    return number >= 0 && number <= 255;
+  });
+}
+
+function isValidSubnetMask(value: string) {
+  const parts = value.split('.');
+  if (parts.length !== 4) return false;
+
+  const bytes = parts.map((part) => {
+    if (!/^\d+$/.test(part)) return NaN;
+    const number = Number(part);
+    if (number < 0 || number > 255) return NaN;
+    return number;
+  });
+  if (bytes.some(Number.isNaN)) return false;
+
+  const mask = bytes.map((byte) => byte.toString(2).padStart(8, '0')).join('');
+  if (!/^1*0*$/.test(mask)) return false;
+
+  const ones = mask.indexOf('0') === -1 ? 32 : mask.indexOf('0');
+  return ones >= 1 && ones <= 32;
+}
 
 export const Wifi = () => {
   const { t } = useTranslation();
@@ -16,13 +83,22 @@ export const Wifi = () => {
 
   const [isModalOpen, setIsModalOpen] = useState(false);
   const [mode, setMode] = useState<WiFiSecurityMode>('psk');
+  const [ipMode, setIPMode] = useState<WiFiIPMode>('dhcp');
+  const [address, setAddress] = useState('');
+  const [subnetMask, setSubnetMask] = useState('');
+  const [gateway, setGateway] = useState('');
   const [ssid, setSsid] = useState('');
   const [password, setPassword] = useState('');
+  const [passwordSet, setPasswordSet] = useState(false);
   const [identity, setIdentity] = useState('');
-  const [eap, setEap] = useState('PEAP');
+  const [eap, setEap] = useState<EAPMethod>('PEAP');
   const [phase2, setPhase2] = useState('auth=MSCHAPV2');
   const [anonymousIdentity, setAnonymousIdentity] = useState('');
   const [caCert, setCaCert] = useState('');
+  const [clientCert, setClientCert] = useState('');
+  const [privateKey, setPrivateKey] = useState('');
+  const [privateKeyPasswd, setPrivateKeyPasswd] = useState('');
+  const [privateKeyPasswdSet, setPrivateKeyPasswdSet] = useState(false);
   const [domainSuffixMatch, setDomainSuffixMatch] = useState('');
   const [status, setStatus] = useState<'' | 'connecting' | 'disconnecting'>('');
   const [message, setMessage] = useState('');
@@ -41,6 +117,24 @@ export const Wifi = () => {
 
       setIsSupported(!!rsp.data?.supported);
       setIsAPMode(!!rsp.data?.apMode);
+      setMode(rsp.data?.mode === 'enterprise' ? 'enterprise' : 'psk');
+      setIPMode(rsp.data?.ipMode === 'manual' ? 'manual' : 'dhcp');
+      setAddress(rsp.data?.address || '');
+      setSubnetMask(rsp.data?.subnetMask || '');
+      setGateway(rsp.data?.gateway || '');
+      setSsid(rsp.data?.ssid || '');
+      setPassword('');
+      setPasswordSet(!!rsp.data?.passwordSet);
+      setIdentity(rsp.data?.identity || '');
+      setEap((rsp.data?.eap as EAPMethod) || 'PEAP');
+      setPhase2(rsp.data?.phase2 || 'auth=MSCHAPV2');
+      setAnonymousIdentity(rsp.data?.anonymousIdentity || '');
+      setCaCert(rsp.data?.caCert || '');
+      setClientCert(rsp.data?.clientCert || '');
+      setPrivateKey(rsp.data?.privateKey || '');
+      setPrivateKeyPasswd('');
+      setPrivateKeyPasswdSet(!!rsp.data?.privateKeyPasswdSet);
+      setDomainSuffixMatch(rsp.data?.domainSuffixMatch || '');
 
       if (rsp.data?.connected && rsp.data?.ssid) {
         setConnectedWifi(rsp.data.ssid);
@@ -55,7 +149,14 @@ export const Wifi = () => {
   async function connect() {
     setMessage('');
 
-    if (!ssid || !password || (mode === 'enterprise' && !identity)) return;
+    if (!ssid || (mode === 'psk' && !password && !passwordSet)) return;
+    if (mode === 'enterprise' && (!identity || (usesPassword(eap) && !password && !passwordSet)))
+      return;
+    if (mode === 'enterprise' && eap === 'TLS' && (!clientCert || !privateKey)) return;
+    if (ipMode === 'manual' && !isValidIPv4(address)) return;
+    if (ipMode === 'manual' && !subnetMask) return;
+    if (ipMode === 'manual' && !isValidSubnetMask(subnetMask)) return;
+    if (ipMode === 'manual' && gateway && !isValidIPv4(gateway)) return;
 
     if (status !== '') return;
     setStatus('connecting');
@@ -63,11 +164,18 @@ export const Wifi = () => {
     try {
       const rsp = await api.connectWifi(ssid, password, {
         mode,
+        ipMode,
+        address,
+        subnetMask,
+        gateway,
         identity,
         eap,
         phase2,
         anonymousIdentity,
         caCert,
+        clientCert,
+        privateKey,
+        privateKeyPasswd,
         domainSuffixMatch
       });
       if (rsp.code !== 0) {
@@ -106,16 +214,10 @@ export const Wifi = () => {
     }
   }
 
-  function openModal() {
-    setMode('psk');
-    setSsid('');
+  async function openModal() {
+    await getWiFi();
     setPassword('');
-    setIdentity('');
-    setEap('PEAP');
-    setPhase2('auth=MSCHAPV2');
-    setAnonymousIdentity('');
-    setCaCert('');
-    setDomainSuffixMatch('');
+    setPrivateKeyPasswd('');
     setMessage('');
     setIsModalOpen(true);
   }
@@ -125,6 +227,14 @@ export const Wifi = () => {
     setIsModalOpen(false);
   }
 
+  function changeEap(value: EAPMethod) {
+    setEap(value);
+    setPhase2(getDefaultPhase2(value));
+    if (value === 'TLS') {
+      setPassword('');
+    }
+  }
+
   if (!isSupported) {
     return <></>;
   }
@@ -157,12 +267,16 @@ export const Wifi = () => {
         </div>
 
         <Button
-          type={connectedWiFi ? 'primary' : 'default'}
+          type="default"
           shape="round"
           size="small"
           onClick={openModal}
         >
-          <div className="flex items-center justify-center px-1.5">
+          <div
+            className={`flex items-center justify-center px-1.5 ${
+              connectedWiFi ? 'text-blue-400' : ''
+            }`}
+          >
             <WifiIcon size={16} />
           </div>
         </Button>
@@ -209,12 +323,61 @@ export const Wifi = () => {
 
         {/* form */}
         <div className="flex flex-col items-center space-y-3 py-6">
+          <div className="flex w-[300px] flex-col gap-3">
+            <div className="flex flex-col gap-0.5">
+              <span className="text-sm font-medium">{t('settings.network.wifi.ipConfig')}</span>
+            </div>
+            <Segmented
+              block
+              value={ipMode}
+              options={[
+                { label: t('settings.network.dns.dhcp'), value: 'dhcp' },
+                { label: t('settings.network.dns.manual'), value: 'manual' }
+              ]}
+              onChange={(value) => setIPMode(value as WiFiIPMode)}
+            />
+
+            {ipMode === 'manual' && (
+              <div className="space-y-3 pt-1">
+                <div className="flex flex-col gap-1">
+                  <span className="text-xs text-neutral-500">{t('settings.network.dns.ipAddress')}</span>
+                  <Input
+                    value={address}
+                    placeholder="192.168.1.10"
+                    onChange={(e) => setAddress(e.target.value)}
+                    status={address !== '' && !isValidIPv4(address) ? 'error' : undefined}
+                  />
+                </div>
+                <div className="flex flex-col gap-1">
+                  <span className="text-xs text-neutral-500">{t('settings.network.dns.subnetMask')}</span>
+                  <Input
+                    value={subnetMask}
+                    placeholder="255.255.255.0"
+                    onChange={(e) => setSubnetMask(e.target.value)}
+                    status={subnetMask !== '' && !isValidSubnetMask(subnetMask) ? 'error' : undefined}
+                  />
+                </div>
+                <div className="flex flex-col gap-1">
+                  <span className="text-xs text-neutral-500">{t('settings.network.dns.router')}</span>
+                  <Input
+                    value={gateway}
+                    placeholder="192.168.1.1"
+                    onChange={(e) => setGateway(e.target.value)}
+                    status={gateway !== '' && !isValidIPv4(gateway) ? 'error' : undefined}
+                  />
+                </div>
+              </div>
+            )}
+          </div>
+
+          <div className="h-px w-[300px] bg-neutral-800/80" />
+
           <Select
             value={mode}
             style={{ width: '300px' }}
             options={[
-              { value: 'psk', label: 'Personal / WPA-PSK' },
-              { value: 'enterprise', label: 'Enterprise / 802.1X' }
+              { value: 'psk', label: t('settings.network.wifi.personal') },
+              { value: 'enterprise', label: t('settings.network.wifi.enterprise') }
             ]}
             onChange={setMode}
           />
@@ -225,53 +388,99 @@ export const Wifi = () => {
             placeholder={t('settings.network.wifi.ssid')}
             onChange={(e) => setSsid(e.target.value)}
           />
-          <Input.Password
-            value={password}
-            style={{ width: '300px' }}
-            prefix={<LockOutlined />}
-            placeholder={t('settings.network.wifi.password')}
-            onChange={(e) => setPassword(e.target.value)}
-          />
+          {mode === 'psk' && (
+            <Input.Password
+              value={password}
+              style={{ width: '300px' }}
+              prefix={<LockOutlined />}
+              placeholder={
+                passwordSet
+                  ? t('settings.network.ethernet.passwordUnchanged')
+                  : t('settings.network.wifi.password')
+              }
+              onChange={(e) => setPassword(e.target.value)}
+            />
+          )}
           {mode === 'enterprise' && (
             <>
               <Input
                 value={identity}
                 style={{ width: '300px' }}
-                placeholder="Identity / Username"
+                prefix={<UserOutlined />}
+                placeholder={t('settings.network.wifi.identity')}
                 onChange={(e) => setIdentity(e.target.value)}
               />
+              {usesPassword(eap) && (
+                <Input.Password
+                  value={password}
+                  style={{ width: '300px' }}
+                  prefix={<LockOutlined />}
+                  placeholder={
+                    passwordSet
+                      ? t('settings.network.ethernet.passwordUnchanged')
+                      : t('settings.network.wifi.password')
+                  }
+                  onChange={(e) => setPassword(e.target.value)}
+                />
+              )}
               <Select
                 value={eap}
                 style={{ width: '300px' }}
-                options={[
-                  { value: 'PEAP', label: 'EAP: PEAP' },
-                  { value: 'TTLS', label: 'EAP: TTLS' },
-                  { value: 'TLS', label: 'EAP: TLS' }
-                ]}
-                onChange={setEap}
-              />
-              <Input
-                value={phase2}
-                style={{ width: '300px' }}
-                placeholder="Phase 2 auth"
-                onChange={(e) => setPhase2(e.target.value)}
+                options={getEapOptions(t)}
+                placeholder={t('settings.network.wifi.authentication')}
+                onChange={changeEap}
               />
+              {usesInnerAuth(eap) && (
+                <Select
+                  value={phase2}
+                  style={{ width: '300px' }}
+                  options={getInnerAuthOptions(eap, t)}
+                  placeholder={t('settings.network.wifi.innerAuthentication')}
+                  onChange={setPhase2}
+                />
+              )}
               <Input
                 value={anonymousIdentity}
                 style={{ width: '300px' }}
-                placeholder="Anonymous identity (optional)"
+                placeholder={t('settings.network.wifi.anonymousIdentity')}
                 onChange={(e) => setAnonymousIdentity(e.target.value)}
               />
+              {eap === 'TLS' && (
+                <>
+                  <Input
+                    value={clientCert}
+                    style={{ width: '300px' }}
+                    placeholder={t('settings.network.wifi.clientCert')}
+                    onChange={(e) => setClientCert(e.target.value)}
+                  />
+                  <Input
+                    value={privateKey}
+                    style={{ width: '300px' }}
+                    placeholder={t('settings.network.wifi.privateKey')}
+                    onChange={(e) => setPrivateKey(e.target.value)}
+                  />
+                  <Input.Password
+                    value={privateKeyPasswd}
+                    style={{ width: '300px' }}
+                    placeholder={
+                      privateKeyPasswdSet
+                        ? t('settings.network.ethernet.privateKeyPasswdUnchanged')
+                        : t('settings.network.wifi.privateKeyPasswd')
+                    }
+                    onChange={(e) => setPrivateKeyPasswd(e.target.value)}
+                  />
+                </>
+              )}
               <Input
                 value={caCert}
                 style={{ width: '300px' }}
-                placeholder="CA certificate path (optional)"
+                placeholder={t('settings.network.wifi.caCert')}
                 onChange={(e) => setCaCert(e.target.value)}
               />
               <Input
                 value={domainSuffixMatch}
                 style={{ width: '300px' }}
-                placeholder="Domain suffix match (optional)"
+                placeholder={t('settings.network.wifi.domainSuffixMatch')}
                 onChange={(e) => setDomainSuffixMatch(e.target.value)}
               />
             </>
diff --git a/web/src/pages/wifi/index.tsx b/web/src/pages/wifi/index.tsx
index c66df0a7..4cf5cab6 100644
--- a/web/src/pages/wifi/index.tsx
+++ b/web/src/pages/wifi/index.tsx
@@ -1,5 +1,5 @@
 import { useEffect, useState } from 'react';
-import { CheckOutlined, KeyOutlined, LockOutlined, WifiOutlined } from '@ant-design/icons';
+import { CheckOutlined, KeyOutlined, LockOutlined, UserOutlined, WifiOutlined } from '@ant-design/icons';
 import { Button, Form, Input, Select } from 'antd';
 import { useTranslation } from 'react-i18next';
 import { useSearchParams } from 'react-router-dom';
@@ -9,6 +9,40 @@ import { Head } from '@/components/head.tsx';
 
 type State = '' | 'loading' | 'success' | 'failed' | 'denied';
 type VerifyState = '' | 'failed' | 'denied';
+type EAPMethod = 'PEAP' | 'TTLS' | 'TLS' | 'PWD' | 'LEAP';
+
+const getDefaultPhase2 = (eap: EAPMethod) => {
+  if (eap === 'PEAP' || eap === 'TTLS') return 'auth=MSCHAPV2';
+  return '';
+};
+
+const getEapOptions = (t: (key: string) => string) => [
+  { value: 'PEAP', label: t('settings.network.wifi.eapPeap') },
+  { value: 'TTLS', label: t('settings.network.wifi.eapTtls') },
+  { value: 'TLS', label: t('settings.network.wifi.eapTls') },
+  { value: 'PWD', label: t('settings.network.wifi.eapPwd') },
+  { value: 'LEAP', label: t('settings.network.wifi.eapLeap') }
+];
+
+const getInnerAuthOptions = (eap: EAPMethod, t: (key: string) => string) => {
+  const peapInnerAuthOptions = [
+    { value: 'auth=MSCHAPV2', label: t('settings.network.wifi.authMschapv2') },
+    { value: 'auth=GTC', label: t('settings.network.wifi.authGtc') },
+    { value: 'auth=MD5', label: t('settings.network.wifi.authMd5') }
+  ];
+  const ttlsInnerAuthOptions = [
+    { value: 'auth=MSCHAPV2', label: t('settings.network.wifi.authMschapv2') },
+    { value: 'auth=MSCHAP', label: t('settings.network.wifi.authMschap') },
+    { value: 'auth=CHAP', label: t('settings.network.wifi.authChap') },
+    { value: 'auth=PAP', label: t('settings.network.wifi.authPap') }
+  ];
+  if (eap === 'PEAP') return peapInnerAuthOptions;
+  if (eap === 'TTLS') return ttlsInnerAuthOptions;
+  return [];
+};
+
+const usesPassword = (eap: EAPMethod) => eap !== 'TLS';
+const usesInnerAuth = (eap: EAPMethod) => eap === 'PEAP' || eap === 'TTLS';
 
 export const Wifi = () => {
   const { t } = useTranslation();
@@ -21,6 +55,7 @@ export const Wifi = () => {
   const [verifyState, setVerifyState] = useState<VerifyState>('');
   const [form] = Form.useForm();
   const mode = Form.useWatch('mode', form);
+  const eap = (Form.useWatch('eap', form) || 'PEAP') as EAPMethod;
 
   useEffect(() => {
     const pass = searchParams.get('p') || searchParams.get('P');
@@ -55,8 +90,17 @@ export const Wifi = () => {
   }
 
   async function connect(values: any) {
-    if (!values.ssid || !values.password) return;
+    if (!values.ssid) return;
+    if ((values.mode || 'psk') === 'psk' && !values.password) return;
     if (values.mode === 'enterprise' && !values.identity) return;
+    if (values.mode === 'enterprise' && usesPassword(values.eap || 'PEAP') && !values.password)
+      return;
+    if (
+      values.mode === 'enterprise' &&
+      values.eap === 'TLS' &&
+      (!values.clientCert || !values.privateKey)
+    )
+      return;
 
     if (state === 'loading') return;
     setState('loading');
@@ -69,6 +113,9 @@ export const Wifi = () => {
         phase2: values.phase2,
         anonymousIdentity: values.anonymousIdentity,
         caCert: values.caCert,
+        clientCert: values.clientCert,
+        privateKey: values.privateKey,
+        privateKeyPasswd: values.privateKeyPasswd,
         domainSuffixMatch: values.domainSuffixMatch
       });
 
@@ -155,8 +202,8 @@ export const Wifi = () => {
           <Form.Item name="mode">
             <Select
               options={[
-                { value: 'psk', label: 'Personal / WPA-PSK' },
-                { value: 'enterprise', label: 'Enterprise / 802.1X' }
+                { value: 'psk', label: t('settings.network.wifi.personal') },
+                { value: 'enterprise', label: t('settings.network.wifi.enterprise') }
               ]}
             />
           </Form.Item>
@@ -165,40 +212,78 @@ export const Wifi = () => {
             <Input prefix={<WifiOutlined />} placeholder="SSID" />
           </Form.Item>
 
-          <Form.Item name="password">
-            <Input.Password prefix={<LockOutlined />} placeholder="Password" />
-          </Form.Item>
+          {mode !== 'enterprise' && (
+            <Form.Item name="password">
+              <Input.Password
+                prefix={<LockOutlined />}
+                placeholder={t('settings.network.wifi.password')}
+              />
+            </Form.Item>
+          )}
 
           {mode === 'enterprise' && (
             <>
               <Form.Item name="identity">
-                <Input placeholder="Identity / Username" />
+                <Input prefix={<UserOutlined />} placeholder={t('settings.network.wifi.identity')} />
               </Form.Item>
 
+              {usesPassword(eap) && (
+                <Form.Item name="password">
+                  <Input.Password
+                    prefix={<LockOutlined />}
+                    placeholder={t('settings.network.wifi.password')}
+                  />
+                </Form.Item>
+              )}
+
               <Form.Item name="eap">
                 <Select
-                  options={[
-                    { value: 'PEAP', label: 'EAP: PEAP' },
-                    { value: 'TTLS', label: 'EAP: TTLS' },
-                    { value: 'TLS', label: 'EAP: TLS' }
-                  ]}
+                  options={getEapOptions(t)}
+                  placeholder={t('settings.network.wifi.authentication')}
+                  onChange={(value: EAPMethod) => {
+                    form.setFieldValue('phase2', getDefaultPhase2(value));
+                    if (value === 'TLS') {
+                      form.setFieldValue('password', '');
+                    }
+                  }}
                 />
               </Form.Item>
 
-              <Form.Item name="phase2">
-                <Input placeholder="Phase 2 auth" />
-              </Form.Item>
+              {usesInnerAuth(eap) && (
+                <Form.Item name="phase2">
+                  <Select
+                    options={getInnerAuthOptions(eap, t)}
+                    placeholder={t('settings.network.wifi.innerAuthentication')}
+                  />
+                </Form.Item>
+              )}
 
               <Form.Item name="anonymousIdentity">
-                <Input placeholder="Anonymous identity (optional)" />
+                <Input placeholder={t('settings.network.wifi.anonymousIdentity')} />
               </Form.Item>
 
               <Form.Item name="caCert">
-                <Input placeholder="CA certificate path (optional)" />
+                <Input placeholder={t('settings.network.wifi.caCert')} />
               </Form.Item>
 
+              {eap === 'TLS' && (
+                <>
+                  <Form.Item name="clientCert">
+                    <Input placeholder={t('settings.network.wifi.clientCert')} />
+                  </Form.Item>
+
+                  <Form.Item name="privateKey">
+                    <Input placeholder={t('settings.network.wifi.privateKey')} />
+                  </Form.Item>
+
+                  <Form.Item name="privateKeyPasswd">
+                    <Input.Password placeholder={t('settings.network.wifi.privateKeyPasswd')} />
+                  </Form.Item>
+                </>
+              )}
+
               <Form.Item name="domainSuffixMatch">
-                <Input placeholder="Domain suffix match (optional)" />
+                <Input placeholder={t('settings.network.wifi.domainSuffixMatch')} />
               </Form.Item>
             </>
           )}

From 984d0f60731442e3f747d65854273853ebbe0390 Mon Sep 17 00:00:00 2001
From: YipKo <17290550+YipKo@users.noreply.github.com>
Date: Wed, 27 May 2026 03:59:51 +0800
Subject: [PATCH 5/5] chore: add translations for network settings updates

---
 web/src/i18n/locales/ca.ts    | 63 +++++++++++++++++++++++++++++++----
 web/src/i18n/locales/cz.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/da.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/de.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/es.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/fr.ts    | 55 ++++++++++++++++++++++++++++--
 web/src/i18n/locales/hu.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/id.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/it.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/ja.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/ko.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/nb.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/nl.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/pl.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/pt_br.ts | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/ru.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/se.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/th.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/tr.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/uk.ts    | 57 +++++++++++++++++++++++++++++--
 web/src/i18n/locales/vi.ts    | 53 ++++++++++++++++++++++++++++-
 web/src/i18n/locales/zh.ts    |  2 +-
 web/src/i18n/locales/zh_tw.ts |  2 +-
 23 files changed, 1102 insertions(+), 31 deletions(-)

diff --git a/web/src/i18n/locales/ca.ts b/web/src/i18n/locales/ca.ts
index 57b1a072..78c236aa 100644
--- a/web/src/i18n/locales/ca.ts
+++ b/web/src/i18n/locales/ca.ts
@@ -9,21 +9,21 @@ const ca = {
     },
     auth: {
       login: 'Inici de sessió',
-      placeholderUsername: "Nom d'usuari",
+      placeholderUsername: "Nom d\'usuari",
       placeholderPassword: 'Contrasenya',
       placeholderPassword2: 'Torna a introduir la contrasenya',
-      noEmptyUsername: "Cal introduir el nom d'usuari",
+      noEmptyUsername: "Cal introduir el nom d\'usuari",
       noEmptyPassword: 'Cal introduir la contrasenya',
       noAccount:
-        "No s'ha pogut obtenir la informació de l'usuari, actualitza la pàgina web o restableix la contrasenya",
-      invalidUser: "Nom d'usuari o contrasenya invàlids",
+        "No s'ha pogut obtenir la informació de l\'usuari, actualitza la pàgina web o restableix la contrasenya",
+      invalidUser: "Nom d\'usuari o contrasenya invàlids",
       locked: 'Massa inicis de sessió, si us plau, torna-ho a provar més tard',
       globalLocked: 'Sistema sota protecció, torneu-ho a provar més tard',
       error: 'Error inesperat',
       changePassword: 'Canviar la contrasenya',
       changePasswordDesc: 'Per a la seguretat del dispositiu, canvia la contrasenya!',
       differentPassword: 'Les contrasenyes no coincideixen',
-      illegalUsername: "El nom d'usuari conté caràcters no permesos",
+      illegalUsername: "El nom d\'usuari conté caràcters no permesos",
       illegalPassword: 'La contrasenya conté caràcters no permesos',
       forgetPassword: 'Has oblidat la contrasenya',
       ok: "D'acord",
@@ -381,8 +381,54 @@ const ca = {
           password: 'Contrasenya',
           joinBtn: 'Connecta',
           confirmBtn: "D'acord",
-          cancelBtn: 'Cancel·la'
+          cancelBtn: 'Cancel·la',
+          ipConfig: 'Configuració IP',
+          ipConfigDescription: 'Trieu DHCP o establiu una adreça estàtica per a aquesta connexió Wi-Fi',
+          security: 'Seguretat',
+          personal: 'Personal / WPA-PSK',
+          enterprise: 'Empresa / 802.1X',
+          identity: 'Identitat / Nom d\'usuari',
+          authentication: 'Autenticació',
+          innerAuthentication: 'Autenticació interna',
+          anonymousIdentity: 'Identitat anònima (opcional)',
+          caCert: 'Ruta del certificat CA (opcional)',
+          domainSuffixMatch: 'Coincidència de sufix de domini (opcional)',
+          clientCert: 'Ruta del certificat client',
+          privateKey: 'Ruta de la clau privada',
+          privateKeyPasswd: 'Contrasenya de la clau privada (opcional)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certificat)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Xarxa amb cable',
+          description: 'Configurar IP i autenticació 802.1X opcional',
+          connect: 'Configurar xarxa amb cable',
+          connectDesc: 'Configurar IP per a {{iface}} i activar 802.1X si cal',
+          ipConfig: 'Configuració IP',
+          ipConfigDescription: 'Trieu DHCP o establiu una adreça estàtica per a aquesta interfície amb cable',
+          authTitle: 'Autenticació 802.1X',
+          authDescription: 'Activeu només si la vostra xarxa amb cable requereix autenticació per nom d\'usuari, contrasenya o certificat',
+          driverRequired: '802.1X amb cable necessita un wpa_supplicant del sistema amb suport de controlador wired',
+          addressPlaceholder: 'Adreça IP estàtica (ex: 192.168.1.10)',
+          gatewayPlaceholder: 'Passarel·la (opcional)',
+          passwordUnchanged: 'Sense canvis',
+          privateKeyPasswdUnchanged: 'Sense canvis',
+          off: 'Desactivat',
+          enterprise: 'Empresa / 802.1X',
+          active: '802.1X activat',
+          inactive: '802.1X configurat, esperant autenticació',
+          failed: 'Error en configurar la xarxa amb cable 802.1X. Torneu-ho a provar.'
+        },
+
         tls: {
           description: 'Activa el protocol HTTPS',
           tip: 'Atenció: Usar HTTPS pot augmentar la latència, sobretot amb vídeo MJPEG.'
@@ -409,6 +455,11 @@ const ca = {
           ipAddress: 'Adreça IP',
           subnetMask: 'Màscara de subxarxa',
           router: 'Encaminador',
+          wired: 'Amb cable',
+          wireless: 'Sense fil',
+          signalStrength: 'Intensitat del senyal',
+          rxRate: 'Velocitat de recepció',
+          txRate: 'Velocitat de transmissió',
           none: 'Cap'
         }
       },
diff --git a/web/src/i18n/locales/cz.ts b/web/src/i18n/locales/cz.ts
index 269ffcaa..f71fab9b 100644
--- a/web/src/i18n/locales/cz.ts
+++ b/web/src/i18n/locales/cz.ts
@@ -384,8 +384,54 @@ const cz = {
           password: 'Heslo',
           joinBtn: 'Připojit',
           confirmBtn: 'OK',
-          cancelBtn: 'Zrušit'
+          cancelBtn: 'Zrušit',
+          ipConfig: 'Konfigurace IP',
+          ipConfigDescription: 'Vyberte DHCP nebo nastavte statickou adresu pro toto připojení Wi-Fi',
+          security: 'Zabezpečení',
+          personal: 'Osobní / WPA-PSK',
+          enterprise: 'Firemní / 802.1X',
+          identity: 'Identita / Uživatelské jméno',
+          authentication: 'Ověření',
+          innerAuthentication: 'Vnitřní ověření',
+          anonymousIdentity: 'Anonymní identita (volitelné)',
+          caCert: 'Cesta k certifikátu CA (volitelné)',
+          domainSuffixMatch: 'Shoda přípony domény (volitelné)',
+          clientCert: 'Cesta klientského certifikátu',
+          privateKey: 'Cesta soukromého klíče',
+          privateKeyPasswd: 'Heslo soukromého klíče (volitelné)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certifikát)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Drátová síť',
+          description: 'Konfigurace IP a volitelného ověření 802.1X',
+          connect: 'Nakonfigurovat drátovou síť',
+          connectDesc: 'Nakonfigurujte IP pro {{iface}} a povolte 802.1X v případě potřeby',
+          ipConfig: 'Konfigurace IP',
+          ipConfigDescription: 'Vyberte DHCP nebo nastavte statickou adresu pro tento drátový interface',
+          authTitle: 'Ověření 802.1X',
+          authDescription: 'Povolte pouze pokud vaše drátová síť vyžaduje ověření pomocí uživatelského jména, hesla nebo certifikátu',
+          driverRequired: 'Drátové 802.1X vyžaduje systémový wpa_supplicant s podporou ovladače wired',
+          addressPlaceholder: 'Statická IP adresa (např. 192.168.1.10)',
+          gatewayPlaceholder: 'Brána (volitelné)',
+          passwordUnchanged: 'Beze změny',
+          privateKeyPasswdUnchanged: 'Beze změny',
+          off: 'Zakázáno',
+          enterprise: 'Firemní / 802.1X',
+          active: '802.1X povoleno',
+          inactive: '802.1X nakonfigurováno, čeká na ověření',
+          failed: 'Nepodařilo se nakonfigurovat drátovou síť 802.1X. Zkuste to prosím znovu.'
+        },
+
         tls: {
           description: 'Povolit protokol HTTPS',
           tip: 'Upozornění: Použití HTTPS může zvýšit latenci, zejména v režimu videa MJPEG.'
@@ -412,6 +458,11 @@ const cz = {
           ipAddress: 'IP adresa',
           subnetMask: 'Maska podsítě',
           router: 'Router',
+          wired: 'Drátová',
+          wireless: 'Bezdrátová',
+          signalStrength: 'Síla signálu',
+          rxRate: 'Rychlost příjmu',
+          txRate: 'Rychlost odesílání',
           none: 'Žádné'
         }
       },
diff --git a/web/src/i18n/locales/da.ts b/web/src/i18n/locales/da.ts
index fb2a52b5..71489962 100644
--- a/web/src/i18n/locales/da.ts
+++ b/web/src/i18n/locales/da.ts
@@ -383,8 +383,54 @@ const da = {
           password: 'Adgangskode',
           joinBtn: 'Tilslut',
           confirmBtn: 'OK',
-          cancelBtn: 'Annuller'
+          cancelBtn: 'Annuller',
+          ipConfig: 'IP-konfiguration',
+          ipConfigDescription: 'Vælg DHCP eller angiv en statisk adresse for denne Wi-Fi-forbindelse',
+          security: 'Sikkerhed',
+          personal: 'Personlig / WPA-PSK',
+          enterprise: 'Erhverv / 802.1X',
+          identity: 'Identitet / Brugernavn',
+          authentication: 'Godkendelse',
+          innerAuthentication: 'Intern godkendelse',
+          anonymousIdentity: 'Anonym identitet (valgfrit)',
+          caCert: 'CA-certifikatsti (valgfrit)',
+          domainSuffixMatch: 'Domænesuffiks-matchning (valgfrit)',
+          clientCert: 'Klientcertifikatsti',
+          privateKey: 'Privat nøglesti',
+          privateKeyPasswd: 'Adgangskode for privat nøgle (valgfrit)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certifikat)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Kablet netværk',
+          description: 'Konfigurer IP-indstillinger og valgfri 802.1X-godkendelse',
+          connect: 'Konfigurer kablet netværk',
+          connectDesc: 'Konfigurer IP for {{iface}} og aktiver 802.1X ved behov',
+          ipConfig: 'IP-konfiguration',
+          ipConfigDescription: 'Vælg DHCP eller angiv en statisk adresse for dette kablede interface',
+          authTitle: '802.1X-godkendelse',
+          authDescription: 'Aktiver kun hvis dit kablede netværk kræver brugernavn, adgangskode eller certifikatgodkendelse',
+          driverRequired: 'Kablet 802.1X kræver en system-wpa_supplicant med understøttelse af wired-driver',
+          addressPlaceholder: 'Statisk IP-adresse (f.eks. 192.168.1.10)',
+          gatewayPlaceholder: 'Gateway (valgfrit)',
+          passwordUnchanged: 'Ingen ændring',
+          privateKeyPasswdUnchanged: 'Ingen ændring',
+          off: 'Deaktiveret',
+          enterprise: 'Erhverv / 802.1X',
+          active: '802.1X aktiveret',
+          inactive: '802.1X konfigureret, venter på godkendelse',
+          failed: 'Konfiguration af kablet netværk 802.1X mislykkedes. Prøv venligst igen.'
+        },
+
         tls: {
           description: 'Aktiver HTTPS-protokol',
           tip: 'Bemærk: Brug af HTTPS kan øge forsinkelsen, især med MJPEG-videotilstand.'
@@ -411,6 +457,11 @@ const da = {
           ipAddress: 'IP-adresse',
           subnetMask: 'Undernetmaske',
           router: 'Router',
+          wired: 'Kablet',
+          wireless: 'Trådløst',
+          signalStrength: 'Signalstyrke',
+          rxRate: 'Modtagelseshastighed',
+          txRate: 'Sendehastighed',
           none: 'Ingen'
         }
       },
diff --git a/web/src/i18n/locales/de.ts b/web/src/i18n/locales/de.ts
index 8cbaf2b2..135ec7e8 100644
--- a/web/src/i18n/locales/de.ts
+++ b/web/src/i18n/locales/de.ts
@@ -388,8 +388,54 @@ const de = {
           password: 'Passwort',
           joinBtn: 'Verbinden',
           confirmBtn: 'OK',
-          cancelBtn: 'Abbrechen'
+          cancelBtn: 'Abbrechen',
+          ipConfig: 'IP-Konfiguration',
+          ipConfigDescription: 'DHCP oder statische Adresse für diese Wi-Fi-Verbindung wählen',
+          security: 'Sicherheit',
+          personal: 'Persönlich / WPA-PSK',
+          enterprise: 'Unternehmen / 802.1X',
+          identity: 'Identität / Benutzername',
+          authentication: 'Authentifizierung',
+          innerAuthentication: 'Innere Authentifizierung',
+          anonymousIdentity: 'Anonyme Identität (optional)',
+          caCert: 'CA-Zertifikatpfad (optional)',
+          domainSuffixMatch: 'Domänensuffix-Abgleich (optional)',
+          clientCert: 'Client-Zertifikatpfad',
+          privateKey: 'Privater Schlüsselpfad',
+          privateKeyPasswd: 'Passwort für privaten Schlüssel (optional)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Zertifikat)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Kabelgebundenes Netzwerk',
+          description: 'IP-Einstellungen und optionale 802.1X-Authentifizierung konfigurieren',
+          connect: 'Kabelgebundenes Netzwerk konfigurieren',
+          connectDesc: 'IP-Konfiguration für {{iface}} festlegen und bei Bedarf 802.1X aktivieren',
+          ipConfig: 'IP-Konfiguration',
+          ipConfigDescription: 'DHCP oder statische Adresse für diese kabelgebundene Schnittstelle wählen',
+          authTitle: '802.1X-Authentifizierung',
+          authDescription: 'Nur aktivieren, wenn Ihr kabelgebundenes Netzwerk Benutzername, Passwort oder Zertifikat-Authentifizierung erfordert',
+          driverRequired: 'Kabelgebundenes 802.1X erfordert ein wpa_supplicant-System mit Wired-Treiber-Unterstützung',
+          addressPlaceholder: 'Statische IP-Adresse (z.B. 192.168.1.10)',
+          gatewayPlaceholder: 'Gateway (optional)',
+          passwordUnchanged: 'Keine Änderung',
+          privateKeyPasswdUnchanged: 'Keine Änderung',
+          off: 'Deaktiviert',
+          enterprise: 'Unternehmen / 802.1X',
+          active: '802.1X aktiviert',
+          inactive: '802.1X konfiguriert, warte auf Authentifizierung',
+          failed: 'Konfiguration von Kabelgebundenes Netzwerk 802.1X fehlgeschlagen. Bitte erneut versuchen.'
+        },
+
         tls: {
           description: 'HTTPS-Protokoll aktivieren',
           tip: 'Hinweis: Die Verwendung von HTTPS kann die Latenz erhöhen, besonders im MJPEG-Videomodus.'
@@ -416,6 +462,11 @@ const de = {
           ipAddress: 'IP-Adresse',
           subnetMask: 'Subnetzmaske',
           router: 'Router',
+          wired: 'Kabelgebunden',
+          wireless: 'Drahtlos',
+          signalStrength: 'Signalstärke',
+          rxRate: 'Empfangsrate',
+          txRate: 'Sendrate',
           none: 'Keine'
         }
       },
diff --git a/web/src/i18n/locales/es.ts b/web/src/i18n/locales/es.ts
index 8f789dd6..a71cc108 100644
--- a/web/src/i18n/locales/es.ts
+++ b/web/src/i18n/locales/es.ts
@@ -385,8 +385,54 @@ const es = {
           password: 'Contraseña',
           joinBtn: 'Unirse',
           confirmBtn: 'Aceptar',
-          cancelBtn: 'Cancelar'
+          cancelBtn: 'Cancelar',
+          ipConfig: 'Configuración IP',
+          ipConfigDescription: 'Elegir DHCP o establecer una dirección estática para esta conexión Wi-Fi',
+          security: 'Seguridad',
+          personal: 'Personal / WPA-PSK',
+          enterprise: 'Empresa / 802.1X',
+          identity: 'Identidad / Nombre de usuario',
+          authentication: 'Autenticación',
+          innerAuthentication: 'Autenticación interna',
+          anonymousIdentity: 'Identidad anónima (opcional)',
+          caCert: 'Ruta del certificado CA (opcional)',
+          domainSuffixMatch: 'Coincidencia de sufijo de dominio (opcional)',
+          clientCert: 'Ruta del certificado cliente',
+          privateKey: 'Ruta de la clave privada',
+          privateKeyPasswd: 'Contraseña de la clave privada (opcional)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certificado)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Red cableada',
+          description: 'Configurar IP y autenticación 802.1X opcional',
+          connect: 'Configurar red cableada',
+          connectDesc: 'Configurar IP para {{iface}} y habilitar 802.1X si es necesario',
+          ipConfig: 'Configuración IP',
+          ipConfigDescription: 'Elegir DHCP o establecer una dirección estática para esta interfaz cableada',
+          authTitle: 'Autenticación 802.1X',
+          authDescription: 'Active solo si su red cableada requiere autenticación por usuario, contraseña o certificado',
+          driverRequired: '802.1X cableado necesita un wpa_supplicant del sistema con soporte de controlador wired',
+          addressPlaceholder: 'Dirección IP estática (ej: 192.168.1.10)',
+          gatewayPlaceholder: 'Puerta de enlace (opcional)',
+          passwordUnchanged: 'Sin cambios',
+          privateKeyPasswdUnchanged: 'Sin cambios',
+          off: 'Deshabilitado',
+          enterprise: 'Empresa / 802.1X',
+          active: '802.1X habilitado',
+          inactive: '802.1X configurado, esperando autenticación',
+          failed: 'Error al configurar la red cableada 802.1X. Por favor, inténtelo de nuevo.'
+        },
+
         tls: {
           description: 'Habilitar protocolo HTTPS',
           tip: 'Aviso: Usar HTTPS puede aumentar la latencia, especialmente en modo de vídeo MJPEG.'
@@ -413,6 +459,11 @@ const es = {
           ipAddress: 'Dirección IP',
           subnetMask: 'Máscara de subred',
           router: 'Router',
+          wired: 'Cableada',
+          wireless: 'Inalámbrica',
+          signalStrength: 'Intensidad de señal',
+          rxRate: 'Velocidad de recepción',
+          txRate: 'Velocidad de transmisión',
           none: 'Ninguno'
         }
       },
diff --git a/web/src/i18n/locales/fr.ts b/web/src/i18n/locales/fr.ts
index d46989ea..72615dbb 100644
--- a/web/src/i18n/locales/fr.ts
+++ b/web/src/i18n/locales/fr.ts
@@ -15,7 +15,7 @@ const fr = {
       noEmptyUsername: "Le nom d'utilisateur ne peut pas être vide",
       noEmptyPassword: 'Le mot de passe ne peut pas être vide',
       noAccount:
-        "Impossible de récupérer les informations de l'utilisateur, veuillez rafraîchir la page ou réinitialiser le mot de passe",
+        "Impossible de récupérer les informations de l\'utilisateur, veuillez rafraîchir la page ou réinitialiser le mot de passe",
       invalidUser: "Nom d'utilisateur ou mot de passe invalide",
       locked: 'Trop de connexions, veuillez réessayer plus tard',
       globalLocked: 'Système sous protection, veuillez réessayer plus tard',
@@ -387,8 +387,54 @@ const fr = {
           password: 'Mot de passe',
           joinBtn: 'Rejoindre',
           confirmBtn: 'OK',
-          cancelBtn: 'Annuler'
+          cancelBtn: 'Annuler',
+          ipConfig: 'Configuration IP',
+          ipConfigDescription: 'Choisir DHCP ou définir une adresse statique pour cette connexion Wi-Fi',
+          security: 'Sécurité',
+          personal: 'Personnel / WPA-PSK',
+          enterprise: 'Entreprise / 802.1X',
+          identity: 'Identifiant / Nom d\'utilisateur',
+          authentication: 'Authentification',
+          innerAuthentication: 'Authentification interne',
+          anonymousIdentity: 'Identité anonyme (optionnel)',
+          caCert: 'Chemin du certificat CA (optionnel)',
+          domainSuffixMatch: 'Correspondance du suffixe de domaine (optionnel)',
+          clientCert: 'Chemin du certificat client',
+          privateKey: 'Chemin de la clé privée',
+          privateKeyPasswd: 'Mot de passe de la clé privée (optionnel)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certificat)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Réseau filaire',
+          description: 'Configurer les paramètres IP et l\'authentification 802.1X optionnelle',
+          connect: 'Configurer le réseau filaire',
+          connectDesc: 'Configurer les paramètres IP pour {{iface}} et activer 802.1X si nécessaire',
+          ipConfig: 'Configuration IP',
+          ipConfigDescription: 'Choisir DHCP ou définir une adresse statique pour cette interface filaire',
+          authTitle: 'Authentification 802.1X',
+          authDescription: 'Activez uniquement si votre réseau filaire nécessite une authentification par nom d\'utilisateur, mot de passe ou certificat',
+          driverRequired: 'Le réseau filaire 802.1X nécessite un système wpa_supplicant avec prise en charge du pilote wired',
+          addressPlaceholder: 'Adresse IP statique (ex: 192.168.1.10)',
+          gatewayPlaceholder: 'Passerelle (optionnel)',
+          passwordUnchanged: 'Aucun changement',
+          privateKeyPasswdUnchanged: 'Aucun changement',
+          off: 'Désactivé',
+          enterprise: 'Entreprise / 802.1X',
+          active: '802.1X activé',
+          inactive: '802.1X configuré, en attente d\'authentification',
+          failed: 'Échec de la configuration du réseau filaire 802.1X. Veuillez réessayer.'
+        },
+
         tls: {
           description: 'Activer le protocole HTTPS',
           tip: "Attention : l'utilisation de HTTPS peut augmenter la latence, surtout en mode vidéo MJPEG."
@@ -415,6 +461,11 @@ const fr = {
           ipAddress: 'Adresse IP',
           subnetMask: 'Masque de sous-réseau',
           router: 'Routeur',
+          wired: 'Filaire',
+          wireless: 'Sans fil',
+          signalStrength: 'Force du signal',
+          rxRate: 'Débit réception',
+          txRate: 'Débit émission',
           none: 'Aucun'
         }
       },
diff --git a/web/src/i18n/locales/hu.ts b/web/src/i18n/locales/hu.ts
index 2d20380a..85d1e9bb 100644
--- a/web/src/i18n/locales/hu.ts
+++ b/web/src/i18n/locales/hu.ts
@@ -386,8 +386,54 @@ const hu = {
           password: 'Jelszó',
           joinBtn: 'Csatlakozás',
           confirmBtn: 'OK',
-          cancelBtn: 'Mégse'
+          cancelBtn: 'Mégse',
+          ipConfig: 'IP konfiguráció',
+          ipConfigDescription: 'Válassza a DHCP-t vagy állítson be statikus címet ehhez a Wi-Fi kapcsolathoz',
+          security: 'Biztonság',
+          personal: 'Személyes / WPA-PSK',
+          enterprise: 'Vállalati / 802.1X',
+          identity: 'Azonosító / Felhasználónév',
+          authentication: 'Hitelesítés',
+          innerAuthentication: 'Belső hitelesítés',
+          anonymousIdentity: 'Névtelen azonosító (opcionális)',
+          caCert: 'CA tanúsítvány elérési útja (opcionális)',
+          domainSuffixMatch: 'Tartomány utótag egyezés (opcionális)',
+          clientCert: 'Kliens tanúsítvány elérési útja',
+          privateKey: 'Privát kulcs elérési útja',
+          privateKeyPasswd: 'Privát kulcs jelszava (opcionális)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Tanúsítvány)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Vezetékes hálózat',
+          description: 'IP beállítások és opcionális 802.1X hitelesítés konfigurálása',
+          connect: 'Vezetékes hálózat konfigurálása',
+          connectDesc: 'IP konfiguráció beállítása a(z) {{iface}} számára és 802.1X engedélyezése szükség esetén',
+          ipConfig: 'IP konfiguráció',
+          ipConfigDescription: 'Válassza a DHCP-t vagy állítson be statikus címet ehhez a vezetékes interfészhez',
+          authTitle: '802.1X hitelesítés',
+          authDescription: 'Csak akkor engedélyezze, ha a vezetékes hálózat felhasználónévvel, jelszóval vagy tanúsítvánnyal történő hitelesítést igényel',
+          driverRequired: 'A vezetékes 802.1X egy wired meghajtó támogatással rendelkező rendszer wpa_supplicant-t igényel',
+          addressPlaceholder: 'Statikus IP-cím (pl. 192.168.1.10)',
+          gatewayPlaceholder: 'Átjáró (opcionális)',
+          passwordUnchanged: 'Nincs változás',
+          privateKeyPasswdUnchanged: 'Nincs változás',
+          off: 'Letiltva',
+          enterprise: 'Vállalati / 802.1X',
+          active: '802.1X engedélyezve',
+          inactive: '802.1X konfigurálva, hitelesítésre vár',
+          failed: 'A vezetékes hálózat 802.1X konfigurálása sikertelen. Kérjük, próbálja újra.'
+        },
+
         tls: {
           description: 'HTTPS protokoll engedélyezése',
           tip: 'Figyelem: A HTTPS használata növelheti a késleltetést, különösen MJPEG videó módban.'
@@ -414,6 +460,11 @@ const hu = {
           ipAddress: 'IP-cím',
           subnetMask: 'Alhálózati maszk',
           router: 'Router',
+          wired: 'Vezetékes',
+          wireless: 'Vezeték nélküli',
+          signalStrength: 'Jelerősség',
+          rxRate: 'Fogadási sebesség',
+          txRate: 'Küldési sebesség',
           none: 'Nincs'
         }
       },
diff --git a/web/src/i18n/locales/id.ts b/web/src/i18n/locales/id.ts
index 7c37c4a1..105f0d3a 100644
--- a/web/src/i18n/locales/id.ts
+++ b/web/src/i18n/locales/id.ts
@@ -383,8 +383,54 @@ const id = {
           password: 'Kata sandi',
           joinBtn: 'Gabung',
           confirmBtn: 'OK',
-          cancelBtn: 'Batal'
+          cancelBtn: 'Batal',
+          ipConfig: 'Konfigurasi IP',
+          ipConfigDescription: 'Pilih DHCP atau atur alamat statis untuk koneksi Wi-Fi ini',
+          security: 'Keamanan',
+          personal: 'Personal / WPA-PSK',
+          enterprise: 'Enterprise / 802.1X',
+          identity: 'Identitas / Nama pengguna',
+          authentication: 'Autentikasi',
+          innerAuthentication: 'Autentikasi internal',
+          anonymousIdentity: 'Identitas anonim (opsional)',
+          caCert: 'Jalur sertifikat CA (opsional)',
+          domainSuffixMatch: 'Pencocokan akhiran domain (opsional)',
+          clientCert: 'Jalur sertifikat klien',
+          privateKey: 'Jalur kunci privat',
+          privateKeyPasswd: 'Kata sandi kunci privat (opsional)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Sertifikat)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Jaringan berkabel',
+          description: 'Konfigurasi IP dan autentikasi 802.1X opsional',
+          connect: 'Konfigurasi jaringan berkabel',
+          connectDesc: 'Atur konfigurasi IP untuk {{iface}} dan aktifkan 802.1X jika diperlukan',
+          ipConfig: 'Konfigurasi IP',
+          ipConfigDescription: 'Pilih DHCP atau atur alamat statis untuk antarmuka berkabel ini',
+          authTitle: 'Autentikasi 802.1X',
+          authDescription: 'Aktifkan hanya jika jaringan berkabel Anda memerlukan autentikasi nama pengguna, kata sandi, atau sertifikat',
+          driverRequired: '802.1X berkabel memerlukan build wpa_supplicant sistem dengan dukungan driver wired',
+          addressPlaceholder: 'Alamat IP statis (mis: 192.168.1.10)',
+          gatewayPlaceholder: 'Gateway (opsional)',
+          passwordUnchanged: 'Tidak ada perubahan',
+          privateKeyPasswdUnchanged: 'Tidak ada perubahan',
+          off: 'Nonaktif',
+          enterprise: 'Enterprise / 802.1X',
+          active: '802.1X aktif',
+          inactive: '802.1X dikonfigurasi, menunggu autentikasi',
+          failed: 'Gagal mengkonfigurasi jaringan berkabel 802.1X. Silakan coba lagi.'
+        },
+
         tls: {
           description: 'Aktifkan protokol HTTPS',
           tip: 'Perhatian: Menggunakan HTTPS dapat meningkatkan latensi, terutama pada mode video MJPEG.'
@@ -411,6 +457,11 @@ const id = {
           ipAddress: 'Alamat IP',
           subnetMask: 'Subnet mask',
           router: 'Router',
+          wired: 'Berkabel',
+          wireless: 'Nirkabel',
+          signalStrength: 'Kekuatan sinyal',
+          rxRate: 'Kecepatan terima',
+          txRate: 'Kecepatan kirim',
           none: 'Tidak ada'
         }
       },
diff --git a/web/src/i18n/locales/it.ts b/web/src/i18n/locales/it.ts
index 8df8546f..8c066c0c 100644
--- a/web/src/i18n/locales/it.ts
+++ b/web/src/i18n/locales/it.ts
@@ -387,8 +387,54 @@ const it = {
           password: 'Password',
           joinBtn: 'Connetti',
           confirmBtn: 'OK',
-          cancelBtn: 'Annulla'
+          cancelBtn: 'Annulla',
+          ipConfig: 'Configurazione IP',
+          ipConfigDescription: 'Scegli DHCP o imposta un indirizzo statico per questa connessione Wi-Fi',
+          security: 'Sicurezza',
+          personal: 'Personale / WPA-PSK',
+          enterprise: 'Aziendale / 802.1X',
+          identity: 'Identità / Nome utente',
+          authentication: 'Autenticazione',
+          innerAuthentication: 'Autenticazione interna',
+          anonymousIdentity: 'Identità anonima (opzionale)',
+          caCert: 'Percorso certificato CA (opzionale)',
+          domainSuffixMatch: 'Corrispondenza suffisso dominio (opzionale)',
+          clientCert: 'Percorso certificato client',
+          privateKey: 'Percorso chiave privata',
+          privateKeyPasswd: 'Password chiave privata (opzionale)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certificato)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Rete cablata',
+          description: 'Configura IP e autenticazione 802.1X opzionale',
+          connect: 'Configura rete cablata',
+          connectDesc: 'Configura IP per {{iface}} e abilita 802.1X se necessario',
+          ipConfig: 'Configurazione IP',
+          ipConfigDescription: 'Scegli DHCP o imposta un indirizzo statico per questa interfaccia cablata',
+          authTitle: 'Autenticazione 802.1X',
+          authDescription: 'Abilita solo se la rete cablata richiede autenticazione tramite nome utente, password o certificato',
+          driverRequired: '802.1X cablato richiede un wpa_supplicant di sistema con supporto driver wired',
+          addressPlaceholder: 'Indirizzo IP statico (es: 192.168.1.10)',
+          gatewayPlaceholder: 'Gateway (opzionale)',
+          passwordUnchanged: 'Nessuna modifica',
+          privateKeyPasswdUnchanged: 'Nessuna modifica',
+          off: 'Disabilitato',
+          enterprise: 'Aziendale / 802.1X',
+          active: '802.1X abilitato',
+          inactive: '802.1X configurato, in attesa di autenticazione',
+          failed: 'Configurazione della rete cablata 802.1X non riuscita. Riprova.'
+        },
+
         tls: {
           description: 'Abilita protocollo HTTPS',
           tip: "Attenzione: l'uso di HTTPS può aumentare la latenza, soprattutto in modalità video MJPEG."
@@ -415,6 +461,11 @@ const it = {
           ipAddress: 'Indirizzo IP',
           subnetMask: 'Subnet mask',
           router: 'Router',
+          wired: 'Cablata',
+          wireless: 'Wireless',
+          signalStrength: 'Intensità segnale',
+          rxRate: 'Velocità ricezione',
+          txRate: 'Velocità trasmissione',
           none: 'Nessuno'
         }
       },
diff --git a/web/src/i18n/locales/ja.ts b/web/src/i18n/locales/ja.ts
index 91b642aa..79354048 100644
--- a/web/src/i18n/locales/ja.ts
+++ b/web/src/i18n/locales/ja.ts
@@ -385,8 +385,54 @@ const ja = {
           password: 'パスワード',
           joinBtn: '接続',
           confirmBtn: 'OK',
-          cancelBtn: 'キャンセル'
+          cancelBtn: 'キャンセル',
+          ipConfig: 'IP 設定',
+          ipConfigDescription: 'この Wi-Fi 接続に DHCP または静的アドレスを設定',
+          security: 'セキュリティ',
+          personal: 'パーソナル / WPA-PSK',
+          enterprise: 'エンタープライズ / 802.1X',
+          identity: 'ID / ユーザー名',
+          authentication: '認証方式',
+          innerAuthentication: '内部認証',
+          anonymousIdentity: '匿名 ID（任意）',
+          caCert: 'CA 証明書パス（任意）',
+          domainSuffixMatch: 'ドメインサフィックスマッチ（任意）',
+          clientCert: 'クライアント証明書パス',
+          privateKey: '秘密鍵パス',
+          privateKeyPasswd: '秘密鍵パスワード（任意）',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS（証明書）',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: '有線ネットワーク',
+          description: 'IP 設定とオプションの 802.1X 認証を設定',
+          connect: '有線ネットワークを設定',
+          connectDesc: '{{iface}} の IP 設定を行い、必要に応じて 802.1X 認証を有効にする',
+          ipConfig: 'IP 設定',
+          ipConfigDescription: 'この有線インターフェースに DHCP または静的アドレスを設定',
+          authTitle: '802.1X 認証',
+          authDescription: '有線ネットワークでユーザー名、パスワード、または証明書認証が必要な場合のみ有効にしてください',
+          driverRequired: '有線 802.1X には、wired ドライバーをサポートする wpa_supplicant のシステムビルドが必要です',
+          addressPlaceholder: '静的 IP アドレス（例: 192.168.1.10）',
+          gatewayPlaceholder: 'ゲートウェイ（任意）',
+          passwordUnchanged: '変更なし',
+          privateKeyPasswdUnchanged: '変更なし',
+          off: '無効',
+          enterprise: 'エンタープライズ / 802.1X',
+          active: '802.1X 有効',
+          inactive: '802.1X 設定済み、認証待ち',
+          failed: '有線ネットワーク 802.1X の設定に失敗しました。もう一度お試しください。'
+        },
+
         tls: {
           description: 'HTTPS プロトコルを有効にする',
           tip: '注意：HTTPS を使用すると、特に MJPEG ビデオモードで遅延が増加する可能性があります。'
@@ -413,6 +459,11 @@ const ja = {
           ipAddress: 'IP アドレス',
           subnetMask: 'サブネットマスク',
           router: 'ルーター',
+          wired: '有線',
+          wireless: '無線',
+          signalStrength: '信号強度',
+          rxRate: '受信速度',
+          txRate: '送信速度',
           none: 'なし'
         }
       },
diff --git a/web/src/i18n/locales/ko.ts b/web/src/i18n/locales/ko.ts
index 035272c1..c21dd8b7 100644
--- a/web/src/i18n/locales/ko.ts
+++ b/web/src/i18n/locales/ko.ts
@@ -379,8 +379,54 @@ const ko = {
           password: '비밀번호',
           joinBtn: '연결',
           confirmBtn: '확인',
-          cancelBtn: '취소'
+          cancelBtn: '취소',
+          ipConfig: 'IP 설정',
+          ipConfigDescription: '이 Wi-Fi 연결에 DHCP 또는 고정 주소 설정',
+          security: '보안',
+          personal: '개인 / WPA-PSK',
+          enterprise: '기업 / 802.1X',
+          identity: 'ID / 사용자 이름',
+          authentication: '인증 방식',
+          innerAuthentication: '내부 인증',
+          anonymousIdentity: '익명 ID (선택)',
+          caCert: 'CA 인증서 경로 (선택)',
+          domainSuffixMatch: '도메인 접미사 일치 (선택)',
+          clientCert: '클라이언트 인증서 경로',
+          privateKey: '개인키 경로',
+          privateKeyPasswd: '개인키 비밀번호 (선택)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (인증서)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: '유선 네트워크',
+          description: 'IP 설정 및 선택적 802.1X 인증 구성',
+          connect: '유선 네트워크 설정',
+          connectDesc: '{{iface}}의 IP 설정을 구성하고 필요시 802.1X 인증 활성화',
+          ipConfig: 'IP 설정',
+          ipConfigDescription: '이 유선 인터페이스에 DHCP 또는 고정 주소 설정',
+          authTitle: '802.1X 인증',
+          authDescription: '유선 네트워크에서 사용자 이름, 비밀번호 또는 인증서 인증이 필요한 경우에만 활성화하세요',
+          driverRequired: '유선 802.1X에는 wired 드라이버를 지원하는 wpa_supplicant 시스템 빌드가 필요합니다',
+          addressPlaceholder: '고정 IP 주소 (예: 192.168.1.10)',
+          gatewayPlaceholder: '게이트웨이 (선택)',
+          passwordUnchanged: '변경 없음',
+          privateKeyPasswdUnchanged: '변경 없음',
+          off: '비활성화',
+          enterprise: '기업 / 802.1X',
+          active: '802.1X 활성화됨',
+          inactive: '802.1X 설정됨, 인증 대기 중',
+          failed: '유선 네트워크 802.1X 설정에 실패했습니다. 다시 시도해 주세요.'
+        },
+
         tls: {
           description: 'HTTPS 프로토콜 활성화',
           tip: '주의: HTTPS 사용 시 특히 MJPEG 비디오 모드에서 지연 시간이 증가할 수 있습니다.'
@@ -407,6 +453,11 @@ const ko = {
           ipAddress: 'IP 주소',
           subnetMask: '서브넷 마스크',
           router: '라우터',
+          wired: '유선',
+          wireless: '무선',
+          signalStrength: '신호 강도',
+          rxRate: '수신 속도',
+          txRate: '송신 속도',
           none: '없음'
         }
       },
diff --git a/web/src/i18n/locales/nb.ts b/web/src/i18n/locales/nb.ts
index 5178a7b7..8f6c88b4 100644
--- a/web/src/i18n/locales/nb.ts
+++ b/web/src/i18n/locales/nb.ts
@@ -383,8 +383,54 @@ const nb = {
           password: 'Passord',
           joinBtn: 'Koble til',
           confirmBtn: 'OK',
-          cancelBtn: 'Avbryt'
+          cancelBtn: 'Avbryt',
+          ipConfig: 'IP-konfigurasjon',
+          ipConfigDescription: 'Velg DHCP eller angi en statisk adresse for denne Wi-Fi-tilkoblingen',
+          security: 'Sikkerhet',
+          personal: 'Personlig / WPA-PSK',
+          enterprise: 'Bedrift / 802.1X',
+          identity: 'Identitet / Brukernavn',
+          authentication: 'Autentisering',
+          innerAuthentication: 'Indre autentisering',
+          anonymousIdentity: 'Anonym identitet (valgfritt)',
+          caCert: 'CA-sertifikatsti (valgfritt)',
+          domainSuffixMatch: 'Domene suffiks-samsvar (valgfritt)',
+          clientCert: 'Klientsertifikatsti',
+          privateKey: 'Privat nøkkelsti',
+          privateKeyPasswd: 'Passord for privat nøkkel (valgfritt)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Sertifikat)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Kablet nettverk',
+          description: 'Konfigurer IP-innstillinger og valgfri 802.1X-autentisering',
+          connect: 'Konfigurer kablet nettverk',
+          connectDesc: 'Konfigurer IP for {{iface}} og aktiver 802.1X ved behov',
+          ipConfig: 'IP-konfigurasjon',
+          ipConfigDescription: 'Velg DHCP eller angi en statisk adresse for dette kablede grensesnittet',
+          authTitle: '802.1X-autentisering',
+          authDescription: 'Aktiver bare hvis ditt kablede nettverk krever brukernavn, passord eller sertifikat-autentisering',
+          driverRequired: 'Kablet 802.1X krever en system-wpa_supplicant med støtte for wired-driver',
+          addressPlaceholder: 'Statisk IP-adresse (f.eks. 192.168.1.10)',
+          gatewayPlaceholder: 'Gateway (valgfritt)',
+          passwordUnchanged: 'Ingen endring',
+          privateKeyPasswdUnchanged: 'Ingen endring',
+          off: 'Deaktivert',
+          enterprise: 'Bedrift / 802.1X',
+          active: '802.1X aktivert',
+          inactive: '802.1X konfigurert, venter på autentisering',
+          failed: 'Konfigurasjon av kablet nettverk 802.1X mislyktes. Vennligst prøv igjen.'
+        },
+
         tls: {
           description: 'Aktiver HTTPS-protokoll',
           tip: 'Merk: Bruk av HTTPS kan øke forsinkelsen, spesielt i MJPEG-videomodus.'
@@ -411,6 +457,11 @@ const nb = {
           ipAddress: 'IP-adresse',
           subnetMask: 'Subnettmaske',
           router: 'Ruter',
+          wired: 'Kablet',
+          wireless: 'Trådløst',
+          signalStrength: 'Signalstyrke',
+          rxRate: 'Mottakshastighet',
+          txRate: 'Sendingshastighet',
           none: 'Ingen'
         }
       },
diff --git a/web/src/i18n/locales/nl.ts b/web/src/i18n/locales/nl.ts
index b7d0e1f9..bba48c6f 100644
--- a/web/src/i18n/locales/nl.ts
+++ b/web/src/i18n/locales/nl.ts
@@ -387,8 +387,54 @@ const nl = {
           password: 'Wachtwoord',
           joinBtn: 'Verbinden',
           confirmBtn: 'OK',
-          cancelBtn: 'Annuleren'
+          cancelBtn: 'Annuleren',
+          ipConfig: 'IP-configuratie',
+          ipConfigDescription: 'Kies DHCP of stel een statisch adres in voor deze Wi-Fi verbinding',
+          security: 'Beveiliging',
+          personal: 'Persoonlijk / WPA-PSK',
+          enterprise: 'Zakelijk / 802.1X',
+          identity: 'Identiteit / Gebruikersnaam',
+          authentication: 'Authenticatie',
+          innerAuthentication: 'Interne authenticatie',
+          anonymousIdentity: 'Anonieme identiteit (optioneel)',
+          caCert: 'CA-certificaatpad (optioneel)',
+          domainSuffixMatch: 'Domeinsuffix-overeenkomst (optioneel)',
+          clientCert: 'Clientcertificaatpad',
+          privateKey: 'Privésleutelpad',
+          privateKeyPasswd: 'Privésleutelwachtwoord (optioneel)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certificaat)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Bekabeld netwerk',
+          description: 'IP-instellingen en optionele 802.1X-authenticatie configureren',
+          connect: 'Bekabeld netwerk configureren',
+          connectDesc: 'IP-configuratie voor {{iface}} instellen en 802.1X inschakelen indien nodig',
+          ipConfig: 'IP-configuratie',
+          ipConfigDescription: 'Kies DHCP of stel een statisch adres in voor deze bekabelde interface',
+          authTitle: '802.1X-authenticatie',
+          authDescription: 'Alleen inschakelen als uw bekabelde netwerk gebruikersnaam, wachtwoord of certificaat-authenticatie vereist',
+          driverRequired: 'Bekabeld 802.1X vereist een systeem wpa_supplicant build met wired driver ondersteuning',
+          addressPlaceholder: 'Statisch IP-adres (bijv. 192.168.1.10)',
+          gatewayPlaceholder: 'Gateway (optioneel)',
+          passwordUnchanged: 'Geen wijziging',
+          privateKeyPasswdUnchanged: 'Geen wijziging',
+          off: 'Uitgeschakeld',
+          enterprise: 'Zakelijk / 802.1X',
+          active: '802.1X ingeschakeld',
+          inactive: '802.1X geconfigureerd, wacht op authenticatie',
+          failed: 'Configuratie van bekabeld netwerk 802.1X mislukt. Probeer het opnieuw.'
+        },
+
         tls: {
           description: 'HTTPS-protocol inschakelen',
           tip: 'Let op: HTTPS gebruiken kan de latentie verhogen, vooral in MJPEG-videomodus.'
@@ -415,6 +461,11 @@ const nl = {
           ipAddress: 'IP-adres',
           subnetMask: 'Subnetmasker',
           router: 'Router',
+          wired: 'Bekabeld',
+          wireless: 'Draadloos',
+          signalStrength: 'Signaalsterkte',
+          rxRate: 'Ontvangstsnelheid',
+          txRate: 'Verzendsnelheid',
           none: 'Geen'
         }
       },
diff --git a/web/src/i18n/locales/pl.ts b/web/src/i18n/locales/pl.ts
index be69332b..a8aca3cb 100644
--- a/web/src/i18n/locales/pl.ts
+++ b/web/src/i18n/locales/pl.ts
@@ -386,8 +386,54 @@ const pl = {
           password: 'Hasło',
           joinBtn: 'Połącz',
           confirmBtn: 'OK',
-          cancelBtn: 'Anuluj'
+          cancelBtn: 'Anuluj',
+          ipConfig: 'Konfiguracja IP',
+          ipConfigDescription: 'Wybierz DHCP lub ustaw statyczny adres dla tego połączenia Wi-Fi',
+          security: 'Bezpieczeństwo',
+          personal: 'Osobiste / WPA-PSK',
+          enterprise: 'Firmowe / 802.1X',
+          identity: 'Tożsamość / Nazwa użytkownika',
+          authentication: 'Uwierzytelnianie',
+          innerAuthentication: 'Uwierzytelnianie wewnętrzne',
+          anonymousIdentity: 'Anonimowa tożsamość (opcjonalnie)',
+          caCert: 'Ścieżka certyfikatu CA (opcjonalnie)',
+          domainSuffixMatch: 'Dopasowanie sufiksu domeny (opcjonalnie)',
+          clientCert: 'Ścieżka certyfikatu klienta',
+          privateKey: 'Ścieżka klucza prywatnego',
+          privateKeyPasswd: 'Hasło klucza prywatnego (opcjonalnie)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certyfikat)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Sieć przewodowa',
+          description: 'Konfiguracja IP i opcjonalnego uwierzytelniania 802.1X',
+          connect: 'Skonfiguruj sieć przewodową',
+          connectDesc: 'Skonfiguruj IP dla {{iface}} i włącz 802.1X jeśli potrzeba',
+          ipConfig: 'Konfiguracja IP',
+          ipConfigDescription: 'Wybierz DHCP lub ustaw statyczny adres dla tego interfejsu przewodowego',
+          authTitle: 'Uwierzytelnianie 802.1X',
+          authDescription: 'Włącz tylko jeśli sieć przewodowa wymaga uwierzytelnienia nazwą użytkownika, hasłem lub certyfikatem',
+          driverRequired: 'Przewodowe 802.1X wymaga systemowego wpa_supplicant z obsługą sterownika wired',
+          addressPlaceholder: 'Statyczny adres IP (np. 192.168.1.10)',
+          gatewayPlaceholder: 'Brama (opcjonalnie)',
+          passwordUnchanged: 'Bez zmian',
+          privateKeyPasswdUnchanged: 'Bez zmian',
+          off: 'Wyłączone',
+          enterprise: 'Firmowe / 802.1X',
+          active: '802.1X włączone',
+          inactive: '802.1X skonfigurowane, oczekiwanie na uwierzytelnienie',
+          failed: 'Nie udało się skonfigurować sieci przewodowej 802.1X. Spróbuj ponownie.'
+        },
+
         tls: {
           description: 'Włącz protokół HTTPS',
           tip: 'Uwaga: użycie HTTPS może zwiększyć opóźnienie, szczególnie w trybie wideo MJPEG.'
@@ -414,6 +460,11 @@ const pl = {
           ipAddress: 'Adres IP',
           subnetMask: 'Maska podsieci',
           router: 'Router',
+          wired: 'Przewodowa',
+          wireless: 'Bezprzewodowa',
+          signalStrength: 'Siła sygnału',
+          rxRate: 'Prędkość odbierania',
+          txRate: 'Prędkość wysyłania',
           none: 'Brak'
         }
       },
diff --git a/web/src/i18n/locales/pt_br.ts b/web/src/i18n/locales/pt_br.ts
index e6fd78b3..16aeac0a 100644
--- a/web/src/i18n/locales/pt_br.ts
+++ b/web/src/i18n/locales/pt_br.ts
@@ -384,8 +384,54 @@ const pt_br = {
           password: 'Senha',
           joinBtn: 'Entrar',
           confirmBtn: 'OK',
-          cancelBtn: 'Cancelar'
+          cancelBtn: 'Cancelar',
+          ipConfig: 'Configuração de IP',
+          ipConfigDescription: 'Escolher DHCP ou definir um endereço estático para esta conexão Wi-Fi',
+          security: 'Segurança',
+          personal: 'Pessoal / WPA-PSK',
+          enterprise: 'Empresarial / 802.1X',
+          identity: 'Identidade / Nome de usuário',
+          authentication: 'Autenticação',
+          innerAuthentication: 'Autenticação interna',
+          anonymousIdentity: 'Identidade anônima (opcional)',
+          caCert: 'Caminho do certificado CA (opcional)',
+          domainSuffixMatch: 'Correspondência de sufixo de domínio (opcional)',
+          clientCert: 'Caminho do certificado cliente',
+          privateKey: 'Caminho da chave privada',
+          privateKeyPasswd: 'Senha da chave privada (opcional)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certificado)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Rede cabeada',
+          description: 'Configurar IP e autenticação 802.1X opcional',
+          connect: 'Configurar rede cabeada',
+          connectDesc: 'Configurar IP para {{iface}} e habilitar 802.1X se necessário',
+          ipConfig: 'Configuração de IP',
+          ipConfigDescription: 'Escolher DHCP ou definir um endereço estático para esta interface cabeada',
+          authTitle: 'Autenticação 802.1X',
+          authDescription: 'Ative apenas se sua rede cabeada exigir autenticação por usuário, senha ou certificado',
+          driverRequired: '802.1X cabeado requer um wpa_supplicant do sistema com suporte ao driver wired',
+          addressPlaceholder: 'Endereço IP estático (ex: 192.168.1.10)',
+          gatewayPlaceholder: 'Gateway (opcional)',
+          passwordUnchanged: 'Sem alteração',
+          privateKeyPasswdUnchanged: 'Sem alteração',
+          off: 'Desabilitado',
+          enterprise: 'Empresarial / 802.1X',
+          active: '802.1X habilitado',
+          inactive: '802.1X configurado, aguardando autenticação',
+          failed: 'Falha ao configurar a rede cabeada 802.1X. Por favor, tente novamente.'
+        },
+
         tls: {
           description: 'Habilitar protocolo HTTPS',
           tip: 'Atenção: O uso de HTTPS pode aumentar a latência, especialmente com o modo de vídeo MJPEG.'
@@ -412,6 +458,11 @@ const pt_br = {
           ipAddress: 'Endereço IP',
           subnetMask: 'Máscara de sub-rede',
           router: 'Roteador',
+          wired: 'Cabeada',
+          wireless: 'Sem fio',
+          signalStrength: 'Intensidade do sinal',
+          rxRate: 'Taxa de recepção',
+          txRate: 'Taxa de transmissão',
           none: 'Nenhum'
         }
       },
diff --git a/web/src/i18n/locales/ru.ts b/web/src/i18n/locales/ru.ts
index 9b79faa3..3cfa94fa 100644
--- a/web/src/i18n/locales/ru.ts
+++ b/web/src/i18n/locales/ru.ts
@@ -386,8 +386,54 @@ const ru = {
           password: 'Пароль',
           joinBtn: 'Подключить',
           confirmBtn: 'OK',
-          cancelBtn: 'Отмена'
+          cancelBtn: 'Отмена',
+          ipConfig: 'Настройка IP',
+          ipConfigDescription: 'Выберите DHCP или установите статический адрес для этого Wi-Fi подключения',
+          security: 'Безопасность',
+          personal: 'Личная / WPA-PSK',
+          enterprise: 'Корпоративная / 802.1X',
+          identity: 'Идентификатор / Имя пользователя',
+          authentication: 'Аутентификация',
+          innerAuthentication: 'Внутренняя аутентификация',
+          anonymousIdentity: 'Анонимный идентификатор (необязательно)',
+          caCert: 'Путь к сертификату CA (необязательно)',
+          domainSuffixMatch: 'Совпадение суффикса домена (необязательно)',
+          clientCert: 'Путь к клиентскому сертификату',
+          privateKey: 'Путь к закрытому ключу',
+          privateKeyPasswd: 'Пароль закрытого ключа (необязательно)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Сертификат)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Проводная сеть',
+          description: 'Настройка IP и опциональной аутентификации 802.1X',
+          connect: 'Настроить проводную сеть',
+          connectDesc: 'Настроить IP для {{iface}} и включить 802.1X при необходимости',
+          ipConfig: 'Настройка IP',
+          ipConfigDescription: 'Выберите DHCP или установите статический адрес для этого проводного интерфейса',
+          authTitle: 'Аутентификация 802.1X',
+          authDescription: 'Включите только если ваша проводная сеть требует аутентификацию по имени пользователя, паролю или сертификату',
+          driverRequired: 'Проводной 802.1X требует системный wpa_supplicant с поддержкой драйвера wired',
+          addressPlaceholder: 'Статический IP-адрес (например: 192.168.1.10)',
+          gatewayPlaceholder: 'Шлюз (необязательно)',
+          passwordUnchanged: 'Без изменений',
+          privateKeyPasswdUnchanged: 'Без изменений',
+          off: 'Отключено',
+          enterprise: 'Корпоративная / 802.1X',
+          active: '802.1X включён',
+          inactive: '802.1X настроен, ожидание аутентификации',
+          failed: 'Ошибка настройки проводной сети 802.1X. Пожалуйста, попробуйте снова.'
+        },
+
         tls: {
           description: 'Включить протокол HTTPS',
           tip: 'Имейте в виду: использование HTTPS может увеличить задержку, особенно в режиме видео MJPEG.'
@@ -414,6 +460,11 @@ const ru = {
           ipAddress: 'IP-адрес',
           subnetMask: 'Маска подсети',
           router: 'Маршрутизатор',
+          wired: 'Проводная',
+          wireless: 'Беспроводная',
+          signalStrength: 'Уровень сигнала',
+          rxRate: 'Скорость приёма',
+          txRate: 'Скорость передачи',
           none: 'Нет'
         }
       },
diff --git a/web/src/i18n/locales/se.ts b/web/src/i18n/locales/se.ts
index 7662d627..2fa3c8c0 100644
--- a/web/src/i18n/locales/se.ts
+++ b/web/src/i18n/locales/se.ts
@@ -380,8 +380,54 @@ const se = {
           password: 'Lösenord',
           joinBtn: 'Anslut',
           confirmBtn: 'OK',
-          cancelBtn: 'Avbryt'
+          cancelBtn: 'Avbryt',
+          ipConfig: 'IP-konfiguration',
+          ipConfigDescription: 'Välj DHCP eller ange en statisk adress för detta Wi-Fi-anslutning',
+          security: 'Säkerhet',
+          personal: 'Personlig / WPA-PSK',
+          enterprise: 'Företag / 802.1X',
+          identity: 'Identitet / Användarnamn',
+          authentication: 'Autentisering',
+          innerAuthentication: 'Inre autentisering',
+          anonymousIdentity: 'Anonym identitet (valfritt)',
+          caCert: 'CA-certifikatsökväg (valfritt)',
+          domainSuffixMatch: 'Domänuffix-matchning (valfritt)',
+          clientCert: 'Klientcertifikatsökväg',
+          privateKey: 'Privat nyckelsökväg',
+          privateKeyPasswd: 'Lösenord för privat nyckel (valfritt)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Certifikat)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Trådbundet nätverk',
+          description: 'Konfigurera IP-inställningar och valfri 802.1X-autentisering',
+          connect: 'Konfigurera trådbundet nätverk',
+          connectDesc: 'Konfigurera IP för {{iface}} och aktivera 802.1X vid behov',
+          ipConfig: 'IP-konfiguration',
+          ipConfigDescription: 'Välj DHCP eller ange en statisk adress för detta trådbundna gränssnitt',
+          authTitle: '802.1X-autentisering',
+          authDescription: 'Aktivera endast om ditt trådbundna nätverk kräver användarnamn, lösenord eller certifikat-autentisering',
+          driverRequired: 'Trådbundet 802.1X kräver en system-wpa_supplicant med stöd för wired-drivrutin',
+          addressPlaceholder: 'Statisk IP-adress (t.ex. 192.168.1.10)',
+          gatewayPlaceholder: 'Gateway (valfritt)',
+          passwordUnchanged: 'Ingen ändring',
+          privateKeyPasswdUnchanged: 'Ingen ändring',
+          off: 'Inaktiverad',
+          enterprise: 'Företag / 802.1X',
+          active: '802.1X aktiverad',
+          inactive: '802.1X konfigurerad, väntar på autentisering',
+          failed: 'Misslyckades med att konfigurera trådbundet nätverk 802.1X. Försök igen.'
+        },
+
         tls: {
           description: 'Aktivera HTTPS-protokoll',
           tip: 'Observera: Användning av HTTPS kan öka fördröjningen, särskilt med MJPEG-läge.'
@@ -408,6 +454,11 @@ const se = {
           ipAddress: 'IP-adress',
           subnetMask: 'Subnätmask',
           router: 'Router',
+          wired: 'Trådbundet',
+          wireless: 'Trådlöst',
+          signalStrength: 'Signalstyrka',
+          rxRate: 'Mottagningshastighet',
+          txRate: 'Sändningshastighet',
           none: 'Ingen'
         }
       },
diff --git a/web/src/i18n/locales/th.ts b/web/src/i18n/locales/th.ts
index bf2d5a35..c26a8c2d 100644
--- a/web/src/i18n/locales/th.ts
+++ b/web/src/i18n/locales/th.ts
@@ -377,8 +377,54 @@ const th = {
           password: 'รหัสผ่าน',
           joinBtn: 'เข้าร่วม',
           confirmBtn: 'ตกลง',
-          cancelBtn: 'ยกเลิก'
+          cancelBtn: 'ยกเลิก',
+          ipConfig: 'กำหนดค่า IP',
+          ipConfigDescription: 'เลือก DHCP หรือตั้งค่าที่อยู่แบบคงที่สำหรับการเชื่อมต่อ Wi-Fi นี้',
+          security: 'ความปลอดภัย',
+          personal: 'ส่วนบุคคล / WPA-PSK',
+          enterprise: 'องค์กร / 802.1X',
+          identity: 'ID / ชื่อผู้ใช้',
+          authentication: 'การยืนยันตัวตน',
+          innerAuthentication: 'การยืนยันตัวตนภายใน',
+          anonymousIdentity: 'ID นิรนาม (ไม่บังคับ)',
+          caCert: 'เส้นทางใบรับรอง CA (ไม่บังคับ)',
+          domainSuffixMatch: 'การจับคู่นามสกุลโดเมน (ไม่บังคับ)',
+          clientCert: 'เส้นทางใบรับรองไคลเอนต์',
+          privateKey: 'เส้นทางกุญแจส่วนตัว',
+          privateKeyPasswd: 'รหัสผ่านกุญแจส่วนตัว (ไม่บังคับ)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (ใบรับรอง)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'เครือข่ายแบบมีสาย',
+          description: 'กำหนดค่า IP และการยืนยันตัวตน 802.1X แบบเลือกได้',
+          connect: 'กำหนดค่าเครือข่ายแบบมีสาย',
+          connectDesc: 'กำหนดค่า IP สำหรับ {{iface}} และเปิดใช้งาน 802.1X หากจำเป็น',
+          ipConfig: 'กำหนดค่า IP',
+          ipConfigDescription: 'เลือก DHCP หรือตั้งค่าที่อยู่แบบคงที่สำหรับอินเทอร์เฟซแบบมีสายนี้',
+          authTitle: 'การยืนยันตัวตน 802.1X',
+          authDescription: 'เปิดใช้งานเฉพาะเมื่อเครือข่ายแบบมีสายของคุณต้องการการยืนยันตัวตนด้วยชื่อผู้ใช้ รหัสผ่าน หรือใบรับรอง',
+          driverRequired: 'เครือข่ายแบบมีสาย 802.1X ต้องการ wpa_supplicant ที่รองรับไดรเวอร์ wired',
+          addressPlaceholder: 'ที่อยู่ IP แบบคงที่ (เช่น 192.168.1.10)',
+          gatewayPlaceholder: 'เกตเวย์ (ไม่บังคับ)',
+          passwordUnchanged: 'ไม่เปลี่ยนแปลง',
+          privateKeyPasswdUnchanged: 'ไม่เปลี่ยนแปลง',
+          off: 'ปิดใช้งาน',
+          enterprise: 'องค์กร / 802.1X',
+          active: '802.1X เปิดใช้งานแล้ว',
+          inactive: '802.1X กำหนดค่าแล้ว รอการยืนยันตัวตน',
+          failed: 'กำหนดค่าเครือข่ายแบบมีสาย 802.1X ล้มเหลว กรุณาลองใหม่'
+        },
+
         tls: {
           description: 'เปิดใช้งานโปรโตคอล HTTPS',
           tip: 'โปรดทราบ: การใช้ HTTPS อาจเพิ่มความหน่วง โดยเฉพาะในโหมดวิดีโอ MJPEG'
@@ -405,6 +451,11 @@ const th = {
           ipAddress: 'ที่อยู่ IP',
           subnetMask: 'ซับเน็ตมาสก์',
           router: 'เราเตอร์',
+          wired: 'แบบมีสาย',
+          wireless: 'แบบไร้สาย',
+          signalStrength: 'ความแรงของสัญญาณ',
+          rxRate: 'อัตราการรับ',
+          txRate: 'อัตราการส่ง',
           none: 'ไม่มี'
         }
       },
diff --git a/web/src/i18n/locales/tr.ts b/web/src/i18n/locales/tr.ts
index fcdf3ea3..2960f0c2 100644
--- a/web/src/i18n/locales/tr.ts
+++ b/web/src/i18n/locales/tr.ts
@@ -384,8 +384,54 @@ const tr = {
           password: 'Parola',
           joinBtn: 'Katıl',
           confirmBtn: 'Tamam',
-          cancelBtn: 'İptal'
+          cancelBtn: 'İptal',
+          ipConfig: 'IP yapılandırması',
+          ipConfigDescription: 'Bu Wi-Fi bağlantısı için DHCP seçin veya statik adres ayarlayın',
+          security: 'Güvenlik',
+          personal: 'Kişisel / WPA-PSK',
+          enterprise: 'Kurumsal / 802.1X',
+          identity: 'Kimlik / Kullanıcı adı',
+          authentication: 'Kimlik doğrulama',
+          innerAuthentication: 'Dahili kimlik doğrulama',
+          anonymousIdentity: 'Anonim kimlik (isteğe bağlı)',
+          caCert: 'CA sertifika yolu (isteğe bağlı)',
+          domainSuffixMatch: 'Alan adı son ek eşleşmesi (isteğe bağlı)',
+          clientCert: 'İstemci sertifika yolu',
+          privateKey: 'Özel anahtar yolu',
+          privateKeyPasswd: 'Özel anahtar şifresi (isteğe bağlı)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Sertifika)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Kablolu ağ',
+          description: 'IP ayarları ve isteğe bağlı 802.1X kimlik doğrulaması yapılandırması',
+          connect: 'Kablolu ağı yapılandır',
+          connectDesc: '{{iface}} için IP yapılandırmasını ayarlayın ve gerekirse 802.1X kimlik doğrulamasını etkinleştirin',
+          ipConfig: 'IP yapılandırması',
+          ipConfigDescription: 'Bu kablolu arayüz için DHCP seçin veya statik adres ayarlayın',
+          authTitle: '802.1X kimlik doğrulama',
+          authDescription: 'Yalnızca kablolu ağınız kullanıcı adı, şifre veya sertifika kimlik doğrulaması gerektiriyorsa etkinleştirin',
+          driverRequired: 'Kablolu 802.1X, wired sürücü desteğine sahip bir sistem wpa_supplicant derlemesi gerektirir',
+          addressPlaceholder: 'Statik IP adresi (örn: 192.168.1.10)',
+          gatewayPlaceholder: 'Ağ geçidi (isteğe bağlı)',
+          passwordUnchanged: 'Değişiklik yok',
+          privateKeyPasswdUnchanged: 'Değişiklik yok',
+          off: 'Devre dışı',
+          enterprise: 'Kurumsal / 802.1X',
+          active: '802.1X etkin',
+          inactive: '802.1X yapılandırıldı, kimlik doğrulama bekleniyor',
+          failed: 'Kablolu ağ 802.1X yapılandırması başarısız oldu. Lütfen tekrar deneyin.'
+        },
+
         tls: {
           description: 'HTTPS protokolünü etkinleştir',
           tip: 'HTTPS protokolü bağlantıda gecikmeye sebep olabilir, özellikle MJPEG görüntü modu ile.'
@@ -412,6 +458,11 @@ const tr = {
           ipAddress: 'IP Adresi',
           subnetMask: 'Alt Ağ Maskesi',
           router: 'Yönlendirici',
+          wired: 'Kablolu',
+          wireless: 'Kablosuz',
+          signalStrength: 'Sinyal gücü',
+          rxRate: 'Alış hızı',
+          txRate: 'Gönderim hızı',
           none: 'Yok'
         }
       },
diff --git a/web/src/i18n/locales/uk.ts b/web/src/i18n/locales/uk.ts
index 1187a4d4..260f4afe 100644
--- a/web/src/i18n/locales/uk.ts
+++ b/web/src/i18n/locales/uk.ts
@@ -9,14 +9,14 @@ const uk = {
     },
     auth: {
       login: 'Вхід',
-      placeholderUsername: "Введіть ім'я користувача",
+      placeholderUsername: "Введіть ім\'я користувача",
       placeholderPassword: 'Введіть пароль',
       placeholderPassword2: 'Введіть пароль ще раз',
       noEmptyUsername: "Ім'я користувача не може бути порожнім",
       noEmptyPassword: 'Пароль не може бути порожнім',
       noAccount:
         'Не вдалося отримати інформацію про користувача, оновіть веб-сторінку або скиньте пароль',
-      invalidUser: "Недійсне ім'я користувача або пароль",
+      invalidUser: "Недійсне ім\'я користувача або пароль",
       locked: 'Забагато входів, спробуйте пізніше',
       globalLocked: 'Система під захистом, спробуйте пізніше',
       error: 'Якась халепа! Непередбачена помилка :(',
@@ -384,8 +384,54 @@ const uk = {
           password: 'Пароль',
           joinBtn: 'Підключити',
           confirmBtn: 'OK',
-          cancelBtn: 'Скасувати'
+          cancelBtn: 'Скасувати',
+          ipConfig: 'Налаштування IP',
+          ipConfigDescription: 'Оберіть DHCP або встановіть статичну адресу для цього Wi-Fi з\'єднання',
+          security: 'Безпека',
+          personal: 'Особиста / WPA-PSK',
+          enterprise: 'Корпоративна / 802.1X',
+          identity: 'Ідентифікатор / Ім\'я користувача',
+          authentication: 'Аутентифікація',
+          innerAuthentication: 'Внутрішня аутентифікація',
+          anonymousIdentity: 'Анонімний ідентифікатор (необов\'язково)',
+          caCert: 'Шлях до сертифіката CA (необов\'язково)',
+          domainSuffixMatch: 'Збіг суфіксу домену (необов\'язково)',
+          clientCert: 'Шлях до сертифіката клієнта',
+          privateKey: 'Шлях до приватного ключа',
+          privateKeyPasswd: 'Пароль приватного ключа (необов\'язково)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Сертифікат)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Дротова мережа',
+          description: 'Налаштування IP та опціональної аутентифікації 802.1X',
+          connect: 'Налаштувати дротову мережу',
+          connectDesc: 'Налаштувати IP для {{iface}} та увімкнути 802.1X за потреби',
+          ipConfig: 'Налаштування IP',
+          ipConfigDescription: 'Оберіть DHCP або встановіть статичну адресу для цього дротового інтерфейсу',
+          authTitle: 'Аутентифікація 802.1X',
+          authDescription: 'Увімкніть лише якщо ваша дротова мережа вимагає аутентифікацію за ім\'ям користувача, паролем або сертифікатом',
+          driverRequired: 'Дротовий 802.1X потребує системний wpa_supplicant з підтримкою драйвера wired',
+          addressPlaceholder: 'Статична IP-адреса (наприклад: 192.168.1.10)',
+          gatewayPlaceholder: 'Шлюз (необов\'язково)',
+          passwordUnchanged: 'Без змін',
+          privateKeyPasswdUnchanged: 'Без змін',
+          off: 'Вимкнено',
+          enterprise: 'Корпоративна / 802.1X',
+          active: '802.1X увімкнено',
+          inactive: '802.1X налаштовано, очікування аутентифікації',
+          failed: 'Помилка налаштування дротової мережі 802.1X. Спробуйте ще раз.'
+        },
+
         tls: {
           description: 'Увімкнути протокол HTTPS',
           tip: 'Будьте в курсі: Використання HTTPS може збільшити затримку, особливо в режимі відео MJPEG.'
@@ -412,6 +458,11 @@ const uk = {
           ipAddress: 'IP-адреса',
           subnetMask: 'Маска підмережі',
           router: 'Маршрутизатор',
+          wired: 'Дротова',
+          wireless: 'Бездротова',
+          signalStrength: 'Рівень сигналу',
+          rxRate: 'Швидкість прийому',
+          txRate: 'Швидкість передачі',
           none: 'Немає'
         }
       },
diff --git a/web/src/i18n/locales/vi.ts b/web/src/i18n/locales/vi.ts
index 873531d2..ef62cc75 100644
--- a/web/src/i18n/locales/vi.ts
+++ b/web/src/i18n/locales/vi.ts
@@ -381,8 +381,54 @@ const vi = {
           password: 'Mật khẩu',
           joinBtn: 'Tham gia',
           confirmBtn: 'OK',
-          cancelBtn: 'Hủy'
+          cancelBtn: 'Hủy',
+          ipConfig: 'Cấu hình IP',
+          ipConfigDescription: 'Chọn DHCP hoặc đặt địa chỉ tĩnh cho kết nối Wi-Fi này',
+          security: 'Bảo mật',
+          personal: 'Cá nhân / WPA-PSK',
+          enterprise: 'Doanh nghiệp / 802.1X',
+          identity: 'ID / Tên người dùng',
+          authentication: 'Xác thực',
+          innerAuthentication: 'Xác thực nội bộ',
+          anonymousIdentity: 'ID ẩn danh (tùy chọn)',
+          caCert: 'Đường dẫn chứng chỉ CA (tùy chọn)',
+          domainSuffixMatch: 'Khớp hậu tố tên miền (tùy chọn)',
+          clientCert: 'Đường dẫn chứng chỉ máy khách',
+          privateKey: 'Đường dẫn khóa riêng',
+          privateKeyPasswd: 'Mật khẩu khóa riêng (tùy chọn)',
+          eapPeap: 'Protected EAP (PEAP)',
+          eapTtls: 'Tunneled TLS (TTLS)',
+          eapTls: 'TLS (Chứng chỉ)',
+          eapPwd: 'PWD',
+          eapLeap: 'LEAP',
+          authMschapv2: 'MSCHAPv2',
+          authMschap: 'MSCHAP',
+          authChap: 'CHAP',
+          authPap: 'PAP',
+          authGtc: 'GTC',
+          authMd5: 'MD5',
         },
+        ethernet: {
+          title: 'Mạng có dây',
+          description: 'Cấu hình IP và xác thực 802.1X tùy chọn',
+          connect: 'Cấu hình mạng có dây',
+          connectDesc: 'Cấu hình IP cho {{iface}} và bật 802.1X nếu cần',
+          ipConfig: 'Cấu hình IP',
+          ipConfigDescription: 'Chọn DHCP hoặc đặt địa chỉ tĩnh cho giao diện có dây này',
+          authTitle: 'Xác thực 802.1X',
+          authDescription: 'Chỉ bật nếu mạng có dây của bạn yêu cầu xác thực bằng tên người dùng, mật khẩu hoặc chứng chỉ',
+          driverRequired: 'Mạng có dây 802.1X cần wpa_supplicant với hỗ trợ trình điều khiển wired',
+          addressPlaceholder: 'Địa chỉ IP tĩnh (vd: 192.168.1.10)',
+          gatewayPlaceholder: 'Cổng mạng (tùy chọn)',
+          passwordUnchanged: 'Không thay đổi',
+          privateKeyPasswdUnchanged: 'Không thay đổi',
+          off: 'Tắt',
+          enterprise: 'Doanh nghiệp / 802.1X',
+          active: '802.1X đã bật',
+          inactive: '802.1X đã cấu hình, đang chờ xác thực',
+          failed: 'Cấu hình mạng có dây 802.1X thất bại. Vui lòng thử lại.'
+        },
+
         tls: {
           description: 'Bật giao thức HTTPS',
           tip: 'Lưu ý: Sử dụng HTTPS có thể tăng độ trễ, đặc biệt trong chế độ video MJPEG.'
@@ -409,6 +455,11 @@ const vi = {
           ipAddress: 'Địa chỉ IP',
           subnetMask: 'Mặt nạ mạng con',
           router: 'Bộ định tuyến',
+          wired: 'Có dây',
+          wireless: 'Không dây',
+          signalStrength: 'Cường độ tín hiệu',
+          rxRate: 'Tốc độ nhận',
+          txRate: 'Tốc độ gửi',
           none: 'Không có'
         }
       },
diff --git a/web/src/i18n/locales/zh.ts b/web/src/i18n/locales/zh.ts
index e6ec1a62..b6314d97 100644
--- a/web/src/i18n/locales/zh.ts
+++ b/web/src/i18n/locales/zh.ts
@@ -446,7 +446,7 @@ const zh = {
           wireless: '无线',
           ipAddress: 'IP 地址',
           subnetMask: '子网掩码',
-          router: '路由器',
+          router: '路由',
           signalStrength: '信号强度',
           rxRate: '接收速率',
           txRate: '发送速率',
diff --git a/web/src/i18n/locales/zh_tw.ts b/web/src/i18n/locales/zh_tw.ts
index 5faf8081..e0825410 100644
--- a/web/src/i18n/locales/zh_tw.ts
+++ b/web/src/i18n/locales/zh_tw.ts
@@ -446,7 +446,7 @@ const zh_tw = {
           wireless: '無線',
           ipAddress: 'IP 位址',
           subnetMask: '子網路遮罩',
-          router: '路由器',
+          router: '路由',
           signalStrength: '訊號強度',
           rxRate: '接收速率',
           txRate: '傳送速率',