Centrally managed hardware allows multiple virtual wireless LANs on the same access point (WAP). This enables us to broadcast the campus-wide eduroam and Calvisitor networks, as well as EECS-specific WLANs. Access to the EECS networks is restricted to people with IRIS accounts.
The wireless access points in EECS carry the following SSIDs:
EECS-Secure: This high-performance WLAN offers the best security; WPA2-Enterprise security with AES encryption and 802.1X authentication using individual credentials for registered devices.
EECS-PSK: Offering weaker shared-key encryption, this WLAN is meant for devices that are incapable of using EECS-Secure, such as SoCs and IoT devices. Devices need to be registered to use this SSID and only the helpdesk is allowed to configure the passphrase on a device.
eduroam and AirBears2: The campus-wide wireless networks. eduroam is the preferred network, as AirBears 2 will likely be retired in the future.
CalVisitor: Campus-wide guest wireless with certain access limitations.
All wireless networks are configured such that all systems must be configured as DHCP clients. Statically configured IP addresses are not permitted.
On all the EECS specific WLANs, devices need to be registered. Some of the WLANs require additional encryption configuration.
eduroam and AirBears2 require setting a Wi-Fi Key and will not accept your CalNet passphrase.
Since wi-fi transmits directly into open air, traffic is vulnerable to attack without good encryption.
EECS-PSK makes use of WPA2-PSK encryption. A password must be entered into the user’s system by the helpdesk before the device can connect. Unfortunately due to the weaker encryption and shared passphrase, EECS-PSK should not be considered secure.
EECS-Secure uses the WPA2-Enterprise protocol which provides a much stronger layer of security and integrated authentication.
These settings should be used to connect to EECS-Secure:
- Wireless Security: WPA2 Enterprise, with AES encryption
- EAP Method: PEAP
- Key Type: Automatic
- Phase2 Type: MSCHAPV2
- Identity: <Your EECS Login>
- Password: <Your EECS Active Directory (Windows) Password>
- Private MAC addresses must be disabled (“Use device MAC” on Android, disable “Private Address” on iOS)
Other 2.4GHz & 5GHz devices
Since there is a real possibility of other radio devices interfering with the wireless network, IRIS regulates the deployment of any other wireless equipment within the EECS service area. This includes both access points and non-802.11 devices.
IRIS networking staff will need to authorize the installation of any new devices using the 2.4GHz or 5GHz frequencies. While this may seem strict, with wireless the scope of research and production networks propagate through the same airspace. Unexpected problems are extremely difficult to detect and pinpoint.