Difference between revisions of "VT WLAN"

From Gobblerpedia
Jump to: navigation, search
imported>Cov
(Created page with "'''VT_WLAN''' service is available in approximately 90% of academic and administrative spaces across the Blacksburg campus. This wireless network is composed of unencrypted IEEE ...")
 
(Some Technical Details)
Line 8: Line 8:
  
 
==Some Technical Details==
 
==Some Technical Details==
* The access points force SSL and are all signed by the Thawte Premium Server CA.
+
* The access points force SSL for authentication and are all signed by the Thawte Premium Server CA.
 
* The routers are named:
 
* The routers are named:
 
** bur-agw-2.cns.vt.edu
 
** bur-agw-2.cns.vt.edu
Line 18: Line 18:
 
** sha-agw-1.cns.vt.edu
 
** sha-agw-1.cns.vt.edu
 
* DHCP is independent of the captive portal authentication and occurs first.
 
* DHCP is independent of the captive portal authentication and occurs first.
* You can ping without logging in.
+
* Before authenticating, IPv4 access to internet sites is not available on any port. Some local sites can be reached.
* All wireless networks (including the .1x networks) on campus now use [[rfc:1918|RFC-1918]] addresses from the 172.31.0.0/16 network. These are
+
* You can ping (but not traceroute) without logging in. Ping tunneling works both locally and over the open internet. Some users have reported being temporarily banned from DHCP servers when ping tunneling before authenticating.
translated 1 to 1 with NAT into 198.82.x.x addresses for access outside the wireless network.
+
* All wireless networks (including the .1x networks) on campus now use [[rfc:1918|RFC-1918]] addresses from the 172.31.0.0/16 network. These are translated 1 to 1 with NAT into 198.82.x.x addresses for access outside the wireless network.
* You can access IPv6 sites like [http://www.cns.vt.edu/ CNS] and Google without having to authenticate.
+
* IPv6 access to local and internet sites, including web access to [http://www.cns.vt.edu/ CNS] and Google, is completely unrestricted regardless of authentication status.
  
 
==See Also==
 
==See Also==

Revision as of 18:37, 20 March 2011

VT_WLAN service is available in approximately 90% of academic and administrative spaces across the Blacksburg campus. This wireless network is composed of unencrypted IEEE 802.11a/b/g access nodes. To limit access to faculty and staff, VT Communications Network Services uses a Cisco captive portal. They switched from Bluesocket during the summer of 2009. You have to register for Customer OnLine Access (COLA) or in person at the Student Telecommunications Office to enable your account.

Authentication

The captive portal system will hijack the URL you first try to visit. Due to the nature of SSL, https connections cannot be directed to the login page and will time out. Type in your PID and password to be granted access.

Logging in from the Command Line

You can use CURL to log in from the command line or automate this (or any) web-based process. LUUG members previously provided scripts for the Bluesocket authentication, but due to the improvements that VT-Wireless brings, noone has bothered to write a new script for the Cisco captive portal.

Some Technical Details

  • The access points force SSL for authentication and are all signed by the Thawte Premium Server CA.
  • The routers are named:
    • bur-agw-2.cns.vt.edu
    • bur-agw-3.cns.vt.edu
    • cas-agw-?.cns.vt.edu
    • hil-agw-?.cns.vt.edu
    • isb-agw-?.cns.vt.edu
    • owe-agw-1.cns.vt.edu
    • sha-agw-1.cns.vt.edu
  • DHCP is independent of the captive portal authentication and occurs first.
  • Before authenticating, IPv4 access to internet sites is not available on any port. Some local sites can be reached.
  • You can ping (but not traceroute) without logging in. Ping tunneling works both locally and over the open internet. Some users have reported being temporarily banned from DHCP servers when ping tunneling before authenticating.
  • All wireless networks (including the .1x networks) on campus now use RFC-1918 addresses from the 172.31.0.0/16 network. These are translated 1 to 1 with NAT into 198.82.x.x addresses for access outside the wireless network.
  • IPv6 access to local and internet sites, including web access to CNS and Google, is completely unrestricted regardless of authentication status.

See Also