Difference between revisions of "VT WLAN"
imported>Cov (Created page with "'''VT_WLAN''' service is available in approximately 90% of academic and administrative spaces across the Blacksburg campus. This wireless network is composed of unencrypted IEEE ...") |
imported>Mutantmonkey |
||
(4 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
− | '''VT_WLAN''' service is available in approximately 90% of academic and administrative spaces across the Blacksburg campus. This wireless network is composed of unencrypted IEEE 802.11a/b/g access nodes. To limit access to faculty and staff, VT Communications Network Services uses a Cisco captive portal. They switched from Bluesocket during the summer of 2009. You have to register for [http://www.cns.vt.edu/html/wireless/wlan/registration.html Customer OnLine Access (COLA)] or in person at the Student Telecommunications Office to enable your account. | + | '''VT_WLAN''' service is available in approximately 90% of academic and administrative spaces across the Blacksburg campus. This wireless network is composed of unencrypted IEEE 802.11a/b/g/n access nodes. To limit access to faculty and staff, VT Communications Network Services uses a Cisco captive portal. They switched from Bluesocket during the summer of 2009. You have to register for [http://www.cns.vt.edu/html/wireless/wlan/registration.html Customer OnLine Access (COLA)] or in person at the Student Telecommunications Office to enable your account. |
==Authentication== | ==Authentication== | ||
Line 5: | Line 5: | ||
==Logging in from the Command Line== | ==Logging in from the Command Line== | ||
− | You can use CURL to log in from the command line or automate this (or any) web-based process. [[LUUG]] members previously provided scripts for the Bluesocket authentication, but due to the improvements that VT-Wireless brings, noone has bothered to write a new script for the Cisco captive portal. | + | You can use CURL to log in from the command line or automate this (or any) web-based process. [[LUUG]] members previously provided scripts for the Bluesocket authentication, but due to the improvements that [[VT-Wireless]] brings, noone has bothered to write a new script for the Cisco captive portal. |
==Some Technical Details== | ==Some Technical Details== | ||
− | * The access points force SSL and are all signed by the Thawte Premium Server CA. | + | * The access points force SSL for authentication and are all signed by the Thawte Premium Server CA. |
* The routers are named: | * The routers are named: | ||
** bur-agw-2.cns.vt.edu | ** bur-agw-2.cns.vt.edu | ||
Line 18: | Line 18: | ||
** sha-agw-1.cns.vt.edu | ** sha-agw-1.cns.vt.edu | ||
* DHCP is independent of the captive portal authentication and occurs first. | * DHCP is independent of the captive portal authentication and occurs first. | ||
− | * You can ping without logging in. | + | * Before authenticating, IPv4 access to internet sites is not available on any port. Some local sites can be reached. |
− | * All wireless networks (including the .1x networks) on campus | + | * You can ping (but not traceroute) without logging in. Ping tunneling works both locally and over the open internet. Some users have reported being temporarily banned from DHCP servers when ping tunneling before authenticating. |
− | translated 1 to 1 with NAT into 198.82.x.x addresses for access outside the wireless network. | + | * All wireless networks (including the .1x networks) on campus use [[rfc:1918|RFC-1918]] addresses from the 172.31.0.0/16 network. These are translated 1 to 1 with NAT into 198.82.x.x addresses for access outside the wireless network. |
− | * | + | * IPv6 access to local and internet sites, including web access to [http://www.cns.vt.edu/ CNS] and Google, is completely unrestricted regardless of authentication status, except in [[Torgersen Hall]] and [[Newman Library]] where new access points have been deployed. |
==See Also== | ==See Also== |
Latest revision as of 03:21, 15 February 2012
VT_WLAN service is available in approximately 90% of academic and administrative spaces across the Blacksburg campus. This wireless network is composed of unencrypted IEEE 802.11a/b/g/n access nodes. To limit access to faculty and staff, VT Communications Network Services uses a Cisco captive portal. They switched from Bluesocket during the summer of 2009. You have to register for Customer OnLine Access (COLA) or in person at the Student Telecommunications Office to enable your account.
Authentication
The captive portal system will hijack the URL you first try to visit. Due to the nature of SSL, https connections cannot be directed to the login page and will time out. Type in your PID and password to be granted access.
Logging in from the Command Line
You can use CURL to log in from the command line or automate this (or any) web-based process. LUUG members previously provided scripts for the Bluesocket authentication, but due to the improvements that VT-Wireless brings, noone has bothered to write a new script for the Cisco captive portal.
Some Technical Details
- The access points force SSL for authentication and are all signed by the Thawte Premium Server CA.
- The routers are named:
- bur-agw-2.cns.vt.edu
- bur-agw-3.cns.vt.edu
- cas-agw-?.cns.vt.edu
- hil-agw-?.cns.vt.edu
- isb-agw-?.cns.vt.edu
- owe-agw-1.cns.vt.edu
- sha-agw-1.cns.vt.edu
- DHCP is independent of the captive portal authentication and occurs first.
- Before authenticating, IPv4 access to internet sites is not available on any port. Some local sites can be reached.
- You can ping (but not traceroute) without logging in. Ping tunneling works both locally and over the open internet. Some users have reported being temporarily banned from DHCP servers when ping tunneling before authenticating.
- All wireless networks (including the .1x networks) on campus use RFC-1918 addresses from the 172.31.0.0/16 network. These are translated 1 to 1 with NAT into 198.82.x.x addresses for access outside the wireless network.
- IPv6 access to local and internet sites, including web access to CNS and Google, is completely unrestricted regardless of authentication status, except in Torgersen Hall and Newman Library where new access points have been deployed.