Open main menu

Gobblerpedia β

VT WLAN

Revision as of 03:21, 15 February 2012 by imported>Mutantmonkey
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

VT_WLAN service is available in approximately 90% of academic and administrative spaces across the Blacksburg campus. This wireless network is composed of unencrypted IEEE 802.11a/b/g/n access nodes. To limit access to faculty and staff, VT Communications Network Services uses a Cisco captive portal. They switched from Bluesocket during the summer of 2009. You have to register for Customer OnLine Access (COLA) or in person at the Student Telecommunications Office to enable your account.

Contents

Authentication

The captive portal system will hijack the URL you first try to visit. Due to the nature of SSL, https connections cannot be directed to the login page and will time out. Type in your PID and password to be granted access.

Logging in from the Command Line

You can use CURL to log in from the command line or automate this (or any) web-based process. LUUG members previously provided scripts for the Bluesocket authentication, but due to the improvements that VT-Wireless brings, noone has bothered to write a new script for the Cisco captive portal.

Some Technical Details

  • The access points force SSL for authentication and are all signed by the Thawte Premium Server CA.
  • The routers are named:
    • bur-agw-2.cns.vt.edu
    • bur-agw-3.cns.vt.edu
    • cas-agw-?.cns.vt.edu
    • hil-agw-?.cns.vt.edu
    • isb-agw-?.cns.vt.edu
    • owe-agw-1.cns.vt.edu
    • sha-agw-1.cns.vt.edu
  • DHCP is independent of the captive portal authentication and occurs first.
  • Before authenticating, IPv4 access to internet sites is not available on any port. Some local sites can be reached.
  • You can ping (but not traceroute) without logging in. Ping tunneling works both locally and over the open internet. Some users have reported being temporarily banned from DHCP servers when ping tunneling before authenticating.
  • All wireless networks (including the .1x networks) on campus use RFC-1918 addresses from the 172.31.0.0/16 network. These are translated 1 to 1 with NAT into 198.82.x.x addresses for access outside the wireless network.
  • IPv6 access to local and internet sites, including web access to CNS and Google, is completely unrestricted regardless of authentication status, except in Torgersen Hall and Newman Library where new access points have been deployed.

See Also