OSU_Secure - WPA Enterprise solution
Why WPA?
WPA offers a more secure method of using OSU's wireless network.
OSU_Secure SSID is the preferred method to securely access the OSU
Network and the Internet. Wireless
clients using the OSU_Access network will be limited to what they can
access. One would be required to use the
OSUSDS
service on the OSU_Access network to have comparable secure access
capabilities that OSU_Secure provides.
How to setup OSU_Secure for:
- Windows XP using Wireless Auto Configuration
- Windows Vista using Wireless Auto Configuration
- Mac OS X (10.3 & Higher)
- Linux - Because of the diversity of Linux distributions, it is not
possible for Network Engineering to provide comprehensive instructions
for accessing OSU_Secure from Linux. However, your chosen wireless networking tool will need to be configured as follows.
- SSID: OSU_Secure
- Security: WPA2 Enterprise
- EAP Method: PEAP (PEAPv0/EAP-MSCHAPv2)
- Key Type: AES (or automatic)
- Phase2 Type: MSCHAPv2
- Username: ONID Username
- Password: ONID Password
Requirements for WPA.
One will need a WiFi compliant WPA aware wireless client to access the OSU_Secure SSID. Currently, WPA is implemented
using TKIP as the encryption method for access to the OSU_Secure SSID as well as WPA/WPA2 enterprise using AES encryption.
Any current WiFi compliant wireless system should work. The following are OSs known to have working WPA using TKIP & AES encryption
drivers:
Other OSs may require a supplicant and we would recommend getting one that includes an 802.11x compliant supplicant
for your Ethernet interface. We may have a list of suggested vendors in the near future. If you know of any vendors
to recommend for certain OSs, please let us know.
WARNING: You will be required to registered your wireless MAC address with OSU's
MAINTAIN service.
This is required to obtain an IP address via DHCP on the OSU_Secure wireless network.
Accessing the OSU_Access wireless network is one way to register your
MAC address.
What is WPA?
WPA or
Wi-Fi Protected Access is a class of systems to secure wireless computer networks.
There are two classes of WPA that allow secure access to a wireless network:
WPA-PSK works well in a SOHO environment where a strong (minimum 20+ characters) Pre-Shared Key can be shared amongst
a few wireless clients. WPA-Enterprise is more suitable for large organizations using an external authentication
method. Both classes of WPA require encrypted authentication to occur prior to allowing encrypted data to be sent over
the radio.
The following URL has a comprehensive description of WPA and other references to implementations of WPA:
Wikipedia's WiFi Protected Access.
Other useful WPA links:
News, Announcements, & Milestones:
- 09.18.2008 - CSACS servers upgrade to 4.2 to improve reliability of
EAP authentications.
- 09.12.2008 - Covell, Dearborn & Kelley Engineering Center broadcast
OSU_Secure.
- 04.05.2007 - All APs support WPA/WPA2 - Enterprise.
- 03.02.2007 - OSU_Secure WPA made public.
- 03.01.2007 - All APs upgraded to latest firmware release.
- 02.18.2007 - All APs supporting OSU_Secure.
- 02.14.2007 - OSU_Secure ready for Prime-Time deployment.
- 02.08.2007 - CSACS2 upgrade to 3.3.4 to correct authentication hangs.
- 01.01.2007 - Most APs except COB & SCF supporting OSU_Secure.
- 12.28.2007 - CSACS configuration change to resolve WPA roaming issues.
- 08.29.2006 - OSU WPA Wireless Deployment meeting for DCA's & SysAdmins.
