imported>Mjh |
|
(6 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
− | Since the fall of 2008, there have been two wireless networks on campus. One network, called '''VT-Wireless''', encrypts all traffic and is secured with EAP-TLS or PEAP-MSCHAPv2. The other network, called [[VT_WLAN]] was an unencrypted network captive portal using PID authentication. In July, 2013 VT_WLAN was superseded by CONNECTtoVT-Wireless, an unencrypted, captive portal wireless network designed to set up connecting to VT-Wireless without offering Internet access. Due to user issues faced during deployment, CONNECTtoVT-Wireless began offering captive portal access to VT users. In January 2015, '''eduroam''' access was enabled, allowing members of any eduroam-affiliated institution to use wifi at any other institution. Connections to VT-Wireless and eduroam are secure by default, and has one of two different methods to connect.
| + | #REDIRECT [[Virginia Tech Wifi]] |
− | | |
− | | |
− | == Select a connection method ==
| |
− | | |
− | {| class="wikitable"
| |
− | |-
| |
− | ! Network
| |
− | ! Authentication
| |
− | ! Encrypted
| |
− | ! Setup
| |
− | ! Support
| |
− | |-
| |
− | | VT-Wireless
| |
− | | Strong ([[EAP-TLS]])
| |
− | | Yes
| |
− | | Involved
| |
− | | Many devices (Laptops and [[Android]] devices)
| |
− | |-
| |
− | | VT-Wireless
| |
− | | None to Medium ([[PEAP-MSCHAPv2]])
| |
− | | Yes
| |
− | | Simple
| |
− | | Most devices
| |
− | |-
| |
− | | eduroam
| |
− | | Strong ([[EAP-TLS]])
| |
− | | Yes
| |
− | | Involved
| |
− | | Many devices (Laptops and [[Android]] devices)
| |
− | |-
| |
− | | eduroam
| |
− | | None to Medium ([[PEAP-MSCHAPv2]])
| |
− | | Yes
| |
− | | Simple
| |
− | | Most devices
| |
− | |-
| |
− | | CONNECTtoVT-Wireless
| |
− | | None (Captive portal)
| |
− | | No
| |
− | | Simplest
| |
− | | All devices with HTTP
| |
− | |}
| |
− | | |
− | The use of eduroam is recommended because:
| |
− | * Wifi access is available at not just Virginia Tech, but also many other universities.
| |
− | * Wifi beacons sent out do not reveal you are a VT affiliate
| |
− | * It is possible to use an anonymous identity, making your identity hidden from the access point operator (but visible to the RADIUS server operator)
| |
− | | |
− | The best option is [[EAP-TLS]], which provides strong, two-way authentication to ensure that neither you or the authentication server can be impersonated. Unfortunately, setting up EAP-TLS can be somewhat involved because it requires a certificate to be installed on the device. Virginia Tech has planned to deprecate certificates in June 2015.
| |
− | | |
− | Using [[PEAP-MSCHAPv2]] is less secure as the authentication method can be broken with sufficient resources in a short amount of time. However the authentication is encrypted and the encryption key is authenticated and it is significantly simpler to set up and use.
| |
− | | |
− | CONNECTtoVT-Wireless is an unsecured captive portal wireless network. It is used for setting up VT-Wireless on your device. This is entirely optional and the instructional pages for [[PEAP-MSCHAPv2]] and [[EAP-TLS]] do not use it. There have been some reports that using this method causes problems, possibly related to the software it uses. The network is locked down to only allow access to pages that help connect the user to VT-Wireless. It uses [[XpressConnect]].
| |
− | | |
− | {| class='wikitable' width='40%'
| |
− | ! colspan="2" | Select a method for setup instructions
| |
− | |-
| |
− | | style="font-size:1.5em;text-align:center" width='50%' | [[EAP-TLS]]
| |
− | | style="font-size:1.5em;text-align:center" width='50%' | [[PEAP-MSCHAPv2]]
| |
− | |}
| |
− | | |
− | ==Known Issues==
| |
− | ===Fall 2013===
| |
− | As of September 16th, there is an issue present in the Cisco wireless controllers that Virginia Tech uses which causes 802.11n connections to fail for many users, including Linux users on Intel wireless chipsets. Disabling 802.11n is a workaround until it is fixed. This can be done in Arch Linux and Ubuntu by running:
| |
− | <pre>echo "options iwlwifi 11n_disable=1" >> /etc/modprobe.d/intel-802.11n.conf</pre> as root.
| |
− | | |
− | The ath9k driver may require [http://www.mail-archive.com/ath9k-devel@lists.ath9k.org/msg06226.html compiling with this patch].
| |
− | | |
− | ===Spring 2014===
| |
− | If you have trouble with connection dropping, and you can't disable 802.11n, PEAP/TLS helps, but in Lavery/Surge, you might need a 802.11g nic. How much trouble you have will depend on your chipset and which APs are used in the building. Also, there is apparently a theoretical Network Manager implication regarding certs, to be investigated, and certain known issues regarding frame aggregation on Aruba APs (non-exhaustive list of possible causes.)
| |
− | | |
− | ===Roaming===
| |
− | As of February 2015, you may encounter issues roaming between access points when using netctl-auto due to different access points being on different subnets. A workaround is to request a new DHCP lease if you are unable to connect but have an IP address and route.
| |
− | | |
− | | |
− | ==Network Information Sources==
| |
− | * [http://www.cns.vt.edu/html/wireless/wlan/index.html Communications Network Services: Wireless LAN]
| |
− | * [http://computing.vt.edu/internet_and_web/internet_access/ipaddresses.html Virginia Tech IP Addresses]
| |
− | | |
− | [[Category:Howtos]]
| |
− | [[Category:Campus computing resources]]
| |
− | [[Category:Round 2 migration]]
| |