Wireless Network

From SPSU Wiki

(Redirected from SPSU Campus Wireless)

Yes, Southern Polytechnic State University has a wireless network. However, it is not a free public access point. It is protected via EAS-TTLS, and thus requires an EAS-TTLS client, and an SPSU network account (which is your school email address). It should also work under any operating system that supports your wireless network card and has support for EAP-TTLS and WEP.

Contents

[edit]

SecureW2

SecureW2 Open Source EAP-TTLS client is the offical client of SPSU. This is the client used originally by the IT staff before they switched to AEGIS wireless client. However, after consistent difficulty setting up the wireless on students laptops, the IT department officially announced that they were switching back to the more reliable SecureW2 Client. The IT Helpdesk can help you configure your wireless laptop for SPSU's wireless network. To get it configured, simply bring your wireless enabled laptop to the IT Helpdesk in H242, and they will get everything set up. SecureW2 can be downloaded from SecureW2.com and configuration instructions can be found here.

If you want to use the updated SecureW2 client, you can see how to set it up at here. Instructions are for Windows 2000, Windows XP SP1, and Windows XP SP2 are currently available. SPSU does not officially support Vista yet however there is a patched SecureW2 client that is supposed to work on Vista that can be obtained here or by visiting the IT lab in room H-240. However, the IT lab is committed to supporting current software and as such is working diligently to provide a means for Windows Vista users to get reliably online.

[edit]

Intel ProSet Wireless cards

This will walk you through setting up your Intel ProSet wireless card. (NOTE: you may or may not need Secure W2 installed in order to obtain the required certificates, I set this up after I already had it installed so I don't know if it works without it)

  1. Right click the Intel Pro wireless manager in the bottom right of your screen by right clicking the icon and selecting "Open Intel Proset/Wireless"
  2. Click on the "Profiles" button
  3. Click the "Add" button
  4. Enter a name you want your wireless profile to be called (I just called it school, but you can put what you want)
  5. Enter in the "Wireless Network Name (SSID)" which is "hornet"
  6. Click the "Next" button
  7. Select the "Enterprise Security" option on the top of the next screen
  8. Network Authentication should be "WPA - Enterprise"
  9. Data Encryption Should be set to "TKIP"
  10. Authentication Type Should be set to "TTLS"
  11. In the box that says "User Name" enter in your SPSU email username
  12. In the box that says "Password" and "Confirm Password" enter in your SPSU email password
  13. In the "Roaming Identity" box type in "anonymous@spsu.edu"
  14. Click "Next" button
  15. Click the "OK" button

Now, when you finish make sure that when you right click the intel pro icon, in the taskbar, at the bottom of the menu that appears it says "Use windows to manage wi-fi". That means that the intel program is monitoring your wireless and you can open up the intel wireless program and select either the profile you just made and connect to it. If it says something other than "Use windows to manage wi-fi" click on the text to enable the intel program and then continue to select the network profile.

[edit]

Broadcom 802.11g / Dell Truemobile Wireless (New Version)

I just updated my laptop's internal wireless network card (Dell Truemobile 1350.. based on the Broadcom 802.11g) and it included a new utility. Here is the setup instructions to let it configure it for use on Hornet. If you want a nice PDF with graphics, I can provide one upon request.

  1. Open the Utility... It should be on your start menu somewhere
  2. Go to the Wireless Network Tab
  3. Click the drop down next to Add and choose Use Utility (advanced network)
  4. Set Network Name (SSID) to 'hornet'
  5. Make sure "Ad Hoc Network" is unchecked
  6. Choose 802.1X under Network Authentication
  7. TTLS under EAP Method
  8. PAP under inner EAP method
  9. Click on the username/password tab
  10. Under Domain\Username, put your school username (if your email was johnsmith@spsu.edu, your username is johnsmith)
  11. Use your email / network account password. If it doesn't work, and its longer than 8 characters, try shortening it to 8 characters.
  12. Click on Client Identity tab
  13. Type in anonymous on the only line there

Now, just apply/ok everywhere and it should see the network and authenticate. Validating the server certificate is recommended, but it has problems with my (Jhaygood86) laptop.

[edit]

Broadcom 802.11g / Dell Truemobile Wireless (Old Version)

If you have the Broadcom / Dell Wireless Utility (same program!), then you can use your own software, as they can do the authentication using their native driver. The official utility utilizes a customized version of Meetinghouse's AEGIS software for authentication.

Simply open your utility, and goto the "Wireless Networks" tab.

  1. Check "Let this tool manage your wireless settings"
  2. Add a new wireless network
  3. Use 'hornet' as the Network Name / SSID
  4. Network Authentication is 802.1X
  5. Data Encryption is WPA
  6. Switch to the Authentication tab
  7. EAP method is 'TTLS'
  8. Tunneled Authentication Protocol is 'PAP'
  9. Under Domain\Username, put your school username (if your email was johnsmith@spsu.edu, your username is johnsmith)
  10. Use your email / network account password. If it doesn't work, and its longer than 8 characters, try shortening it to 8 characters.
  11. Check Validate Server Certificate
  12. Change Issuer to 'Thawte Server CA'

Now, just apply/ok everywhere, and it should see the network and authenticate.

[edit]

Wireless Installation / wpa_supplicant

If your OS supports NetworkManager, simply follow the basic instructions from above. If it supports wpa_supplicant, use the following in /etc/wpa_supplicant.conf 

# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the 
# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
network={
        ssid="hornet"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="username"
        anonymous_identity="anonymous"
        password="password"
        ca_cert="/etc/cert/ca.pem"
        priority=2
        phase2="auth=PAP"
}
[edit]

Wireless Setup Ubuntu 7.10 Gutsy Gibbon

  1. Left click on the network manager icon in the top right of your screen in Gnome.
  2. Select the "Hornet" wireless network
  3. When a window pops up asking for the wireless credentials enter in the information it asks for: 
EAP Method = TTLS
Key Type = TKIP
Phase2 = PAP
Identity = SPSU EMAIL USERNAME
Password = SPSU EMAIL PASSWORD
Anonymous Identity = anonymous
[edit]

Wireless Installation Mac OS X Tiger

  1. Choose 'GO', scroll to >Applications
  2. Open Internet Connect
  3. Choose 'File'> New 802.1x Connection
  4. Choose a configuration from the Configuration pop-up menu. If there is not a configuration available, choose Edit Configurations, and create a new configuration.
  5. Save the Configuration, i.e. SPSU
  6. Choose AirPort for the Network Port
  7. Insert your 'Network ID' (your email address for SPSU, without the @spsu.edu), your password, and Wireless network name: hornet.
  8. Under Authentication verify TTLS is the only box checked. Click once to uncheck any other boxes.
  9. Highlight TTLS and select <configure>
  10. Change TTLS Inner Authentication to PAP
  11. type anonymous for the Outer Identity
  12. Click OK
  13. Accept 'All' certificates
[edit]

Wireless Installation Mac OS X Leopard (10.5)

Prepared by Etsehiwot E. Terefe

A PDF version of the installation instructions (with pictures) can be found at: http://www.spsu.edu/infotech/wireless/leopard-wireless.pdf

  1. Click on the Airport Icon, and then select “Turn Airport On”
  2. Click on the Airport Icon again and choose “Open Network Preferences”
  3. Click on the Airport Icon again and choose “Open Network Preferences”
  4. Select Airport for Network Port in the left window pane

Make sure: a. Status is ON b. Network name is hornet c. Both boxes for <Ask to join new network> and <show airport status> are the only boxes checked

  1. Click the Advanced button. Note: You should see hornet (WPA Enterprise) in the Preferred Networks box. If

there is more than one hornet profile present, delete the rest of the profiles and only leave one.

  1. Highlight hornet (WPA Enterprise) then click the edit symbol (pencil) which is located next to the minus sign
  2. Fill out the following: a. Network Name: hornet b. Security: 802.1X WEP c. User Name (SPSU network ID): NetworkID d. Password (SPSU network Password): ******** e. 802.1X: Automatic
  3. Make sure Remember this network box is checked
  4. Then click ADD
  5. Make sure Remember any network this computer has joined is the only box checked.
  6. You should see hornet (802.1X WEP) in the Preferred Networks box .
  7. Highlight it then click 802.1X tab located at the top right corner of the window
  8. Make sure of the following: a. State: 802.1X login is DISABLED b. Certificate: Unknown c. Authentication: TTLS is the only box checked
  9. Change the Domain from Login Windows to USER
  10. Configurations box should be empty, if Configurations box is not empty

delete all profiles present, then follow the following steps: a. Create a hornet profile by clicking on the + sign located on the bottom left corner of the window b. Insert your Use Name, Password, and Wireless Network name i. User Name (SPSU email): networkID ii. Password (SPSU email): ******** iii. Wireless Network: hornet c. Under Authentication verify TTLS is the only box checked. Click once to uncheck any other boxes. d. Highlight TTLS and select Configure

  1. Change TTLS Inner Authentication to PAP
  2. Leave Outer Identity box empty
  3. Click OK
  4. Enter YOUR computer login User Name and Password, NOT your SPSU login
  5. Click OK
  6. Click OK to accept the changes on your 802.1X screen.
  7. Click Apply which is located in the lower right corner of the window (fig. 11).ഊ23) Turn Airport OFF (wireless radio)
  8. Turn Airport back ON
  9. Click Continue on <Verify Certificate> Pop up Window
[edit]

IBM (Lenovo) ThinkPads

Many of the built-in wireless adapters in ThinkPad computers support EAP-TTLS natively. If yours does, you can use the software that came with with your ThinkPad. There's a list here: http://www-306.ibm.com/pc/support/site.wss/migr-4zlnjb.html

I've been able to configure an SPSU-issued ThinkPad to access the wireless network with only the software supplied by IBM.

  • Using IBM Access Connections, click "Locations"
  • Create a new location profile by clicking "Create New Profile"
  • Supply a profile name like "SPSU Wireless" and choose one of the cute icons to represent this location.
  • Select "Wireless LAN (802.11).
  • Select your built-in wireless adapter. This will probably be the only choice. Click "Next"
  • Make the Network Name (SSID) "hornet" in lower case; set the connection type to "infrastructure" and wireless mode to "auto." In "Wireless Security Type" select "Use IEEE 802.1x Authentication." Click the "Properties" button.
  • Set access point authentication to "WPA," data encryption to "TKIP" and EAP Type to "TTLS."
  • Your only choice for authentication protocol should be MS-CHAP-V2. Select that and click the "Enter user credentials" button. I chose to save my user ID and password in the profile by selecting "Use saved user name and password." It would be more secure to select "Prompt temporary user name and password. In either case, your user name is that part of your SPSU email address before the @-sign, and your password is your SPSU email password. Leave "Roaming Identity/Logon Name" blank. Un-check "Validate server certificate" and click "OK"
  • You do not need to change the advanced configuration. Click "Next."
  • On the following screen, by "Network Security" click "Settings" and be sure all three blocks are checked. Click "OK."
  • If you like, you can set the default printer to use when wireless by checking "Set defalt printer."
  • Check "Override TCP/IP and DNS defaults. Click "Settings" and make sure "Obtain an IP address automatically" and "Obtain DNS Server Automatically" are selected. Click "OK."
  • "Override home page" allows you to set a special home page when you're wireless. Un-check it to use your regular home page.
  • Check "Override proxy configuration" and under "Settings" check "Do not use proxy." Click OK.
  • Click "Finish"
  • The next screen sets up Internet Explorer. The defaults are probably OK. Click "Next."
  • On the Security Settings screen, and click "Next."
  • On the "Printer Setup" screen, you can choose a default printer for use when you're wireless or select that you do not need one. Click "Next"
  • Save the profile, and if you are within range of a wireless AP, you can select "Yes" when asked whether to apply the profile now.
  • If you selected "temporary user ID and password" above, you will be prompted for your user ID and password.
  • Done!

I have tested this setup, and it works. However, in areas of weak signal strength, association with the wireless AP may fail, or, if association succeeds, obtaining an IP configuration may fail.

[edit]

Access Point Locations

  • Atrium Building (J Building)
  • IT Lab (H Building)
  • Library
  • Student Center

Full coverage information can be found here

Retrieved from "http://wiki.spsu.edu/index.php/Wireless_Network"