Difference between revisions of "Netwerk draadloos"

From Cncz
Jump to: navigation, search
Line 13: Line 13:
 
** Ofwel een ander bedrijfssysteem met WPA ondersteuning.
 
** Ofwel een ander bedrijfssysteem met WPA ondersteuning.
 
*** Voor oudere versies van Windows XP of voor Windows 2000, zie de Microsoft website, bv: [http://support.microsoft.com/?kbid=815485 Overzicht van de WPA Wireless Security Update in Windows XP] en/of [http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifitrbl.mspx Troubleshooting Windows XP IEEE 802.11 Wireless Access]
 
*** Voor oudere versies van Windows XP of voor Windows 2000, zie de Microsoft website, bv: [http://support.microsoft.com/?kbid=815485 Overzicht van de WPA Wireless Security Update in Windows XP] en/of [http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifitrbl.mspx Troubleshooting Windows XP IEEE 802.11 Wireless Access]
*** Voor een PDA met Windows Mobile horen we graag de instellingen of de problemen ermee! Het schijnt dat Windows Mobile 5 de gebruiker niet ons zelfgetekend certificaat laat installeren. Dat zou met AEConfig op te lossen zijn.
+
*** Voor een PDA of smartphone met Windows Mobile horen we graag de instellingen of de problemen ermee! Sommige smartphones hebben wel WPA-Enterprise maar geen EAP-MSCHAP v2, dus zijn niet te gebruiken.
 
*** Voor een Palm TX kan men voor ongeveer 6 dollar een upgrade naar WPA-Enterprise kopen.
 
*** Voor een Palm TX kan men voor ongeveer 6 dollar een upgrade naar WPA-Enterprise kopen.
 
*** Voor Linux zie [[netwerk_draadloos_handleidinglinux|'''deze voorlopige handleiding''']], die gebruik maakt van [http://hostap.epitest.fi/wpa_supplicant/ WPA supplicant].  
 
*** Voor Linux zie [[netwerk_draadloos_handleidinglinux|'''deze voorlopige handleiding''']], die gebruik maakt van [http://hostap.epitest.fi/wpa_supplicant/ WPA supplicant].  
Line 22: Line 22:
 
** Or any other operating system with WPA support
 
** Or any other operating system with WPA support
 
*** For older versions of Windows XP or for Windows 2000, see the Microsoft website, e.g.: [http://support.microsoft.com/?kbid=815485 Overview of the WPA Wireless Security Update in Windows XP] and/or [http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifitrbl.mspx Troubleshooting Windows XP IEEE 802.11 Wireless Access]
 
*** For older versions of Windows XP or for Windows 2000, see the Microsoft website, e.g.: [http://support.microsoft.com/?kbid=815485 Overview of the WPA Wireless Security Update in Windows XP] and/or [http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifitrbl.mspx Troubleshooting Windows XP IEEE 802.11 Wireless Access]
*** For Windows Mobile we would like to hear the settings or problems! It appears that Windows Mobile 5 will not let you install our self-signed certificate. You can circumvent this with something called AEConfig, it seems.
+
*** For Windows Mobile we would like to hear the settings or problems! Some smartphones have WPA-Enterprise but no EAP-MSCHAP v2, so cannot be used.
 
*** For a Palm TX one can buy a WPA-Enterprise upgrade for about 6 US dollar.
 
*** For a Palm TX one can buy a WPA-Enterprise upgrade for about 6 US dollar.
 
*** For Linux see [[netwerk_draadloos_handleidinglinux|'''this premature manual''']], which uses [http://hostap.epitest.fi/wpa_supplicant/ WPA supplicant].  
 
*** For Linux see [[netwerk_draadloos_handleidinglinux|'''this premature manual''']], which uses [http://hostap.epitest.fi/wpa_supplicant/ WPA supplicant].  

Revision as of 23:08, 22 December 2007

Wireless network Faculty of Science

Within the Science Faculty a secure wireless 54 Mbit/s wi-fi WPA network is available at almost every place in the Huygens building, starting july 2005. The network advertises itself with the name (SSID) "Science"". It can only be used by people with a Science-login. Since fall 2006 the university RU-wlan is available in the Huygens building for all students and personnel of the RU.

What you need

To access this "Science"-network, you need:

  • Hardware
    Wi-Fi hardware that supports WPA (more exactly WPA Enterprise). Almost all laptops have this built-in since a few years. All Intel Centrino laptops should be fine. N.B.: There is a security vulnerability in the Intel Centrino Windows-drivers, see Intel support for more information and updates. If one wants to use the Intel PROSet/Wireless software instead of the Windows software, the update above could be necessary.
    Laptops from 2003 or later should be fine too, but often you need a driver-update (see the manufacturers web-site). When the built-in hardware doesn't support WPA, one can buy for about EUR 30,- a PCMCIA-card or USB-stick that does. See if needed wi-fi.org for "certified" hardware. C&CZ has tested two low-cost certified PCMCIA-cards, Linksys WPC54G-EU and D-Link DWL-G650+. Older 11 Mbit/s 802.11b hardware as well as newer 54 Mbit/s 802.11g hardware can be used, as long as WPA is supported.
  • Software

    • Either Microsoft Windows XP with Service Pack 2 (SP2). We wrote an extensive installation manual.
    • Or Microsoft Windows Vista. Click "Start->Settings->Control Panel->Network". Choose "Setup connection or network". Choose "Setup manually". Choose then "Science" (with 1 capital!), WPA Enterprise and TKIP. Next choose "Change connection settings" and click in the tab "Security" on "Protected EAP" and "Settings...". In the window "Protected EAP properties" one has to check "Validate server certificate" and choose the verification method "Protected password (EAP-MSCHAP v2) and withing this in "Configure" uncheck "Automatically use my Windows-logonname and -password (and domain if necessary)". If one doesn't want to make a connection with previously entered account information, one can uncheck "Cache user information for subsequent connections to this network". In the meantime see if necessary the Cable Guy). In the near future, we will provide a detailed installation manual, until then one can use, if needed, the manual as mentioned above. If this is too difficult, don't hesitate to stop by C&CZ with your laptop.
    • Or any other operating system with WPA support
  • Username and password
    Before any Internet-traffic is possible, the combination of a loginname and password is checked through the 802.1x mechanism. One should prevent giving the loginname/password combination to a rogue (non-C&CZ) access-point, by checking the server-certificate. All traffic is encrypted with constantly changing keys, which makes eavesdropping impossible.
  • For the "Science" network a C&CZ (science) username and password. Every employee and student of the Faculty of Science has (a right to) that.
  • (For the RU-wlan) a RU-password for every RU-employee and student.
  • (Not yet available at the RU:) or a username/password of an institution that takes part in EduRoam.


Background and future

  • At the end of 2004, it was decided that we wanted blanket wireless coverage in Huygens-building phase I. Later it was decided that the RU would supply wireless coverage everywhere on campus.
  • After meetings with the UCI, Vosko and Cisco we chose the Cisco 1130AG as wireless access point. After a site survey by Vosko, 54 of these access points were placed in Huygens-building phase I. To manage these access-points (IOS-version, configurations), we bought a CiscoWorks Wireless LAN Solution Engine, and later added AirMagnet laptop for security and troubleshooting.
  • We had a lot of trouble with the initial configuration, due to our wish to use our existing FreeRadius radius server, which was not supported by our suppliers, our wish to spread the users in different VLANs (subnets) and the wish to make a safe WPA network, for which the users of MS-Windows XP2 SP2 wouldn't have to install extra software and the users wouldn't give their passwords to wrong servers (withoud correct certificate).
  • In the first few weeks of september 2005 50 different users logged in to the wireless network, the largest groups were Organic Chemistry, that switched over from "their own" wireless network and students Computer Science.
  • During 2006 the wireless network was extended to the Huygens building phase II and NanoLab.
  • In the next year(s), wireless connectivity will be available in all remaining buildings: HFML, Botanic Greenhouse, RootLab, ITS, A2-wing (after renovation), Linnaeus building (after renovation) and several locations outside (lawn, terrace, ....).
  • The next generation wireless network will probably be discussed from late 2007: faster with 802.11n (200+ Mbit/s) and even more secure with WPA2 (better hardware encryption).
  • As soon as we switch to VoIP (Voice Over IP, IP-Telephony) for our telephone system, we will look into VoWLAN (Voice over WLAN) as wireless speech solution.