Centrally managed hardware allows multiple virtual wireless LANs on the same access point (WAP). This enables us to broadcast the campus-wide eduroam and Calvisitor networks, as well as EECS-specific WLANs. Access to the EECS networks is restricted to people with IRIS accounts.
The wireless access points in EECS carry the following SSIDs:
eduroam is the primary campus Wi-Fi network, and should be the first choice for anyone with a CalNet ID and for visitors from eduroam participating institutions. Long-term guests may also be sponsored for a CalNet Guest Account, which grants access to eduroam.
EECS-Secure is also available for EECS account holders (faculty, staff, and graduate students) but should only be used when eduroam is not sufficient (i.e. to reach network resources that are not accessible from outside the EECS network). EECS-Secure will be phased out in 2022, so we encourage our EECS-Secure users to begin switching to eduroam.
EECS-PSK is available for EECS account holders to connect devices such as microcontrollers or SoCs that are not capable of connecting to eduroam or EECS-Secure. EECS-PSK should not be used for most devices, such as laptops, desktops, phones, or tablets, as it is significantly less secure than eduroam and EECS-Secure.
All wireless networks are configured such that all systems must be configured as DHCP clients. Statically configured IP addresses are not permitted.
On all the EECS-specific WLANs, devices need to be registered. Some of the WLANs require additional encryption configuration.
eduroam and AirBears2 require setting a Wi-Fi Key and will not accept your CalNet passphrase.
Since wi-fi transmits directly into open air, traffic is vulnerable to attack without good encryption.
EECS-Secure uses the WPA2-Enterprise protocol which provides a strong layer of security and integrated authentication. These settings should be used to connect to EECS-Secure:
- Wireless Security: WPA2 Enterprise, with AES encryption
- EAP Method: PEAP
- Key Type: Automatic
- Phase2 Type: MSCHAPV2
- Domain: eecs.berkeley.edu
- Identity: <Your EECS Login>
- Password: <Your EECS Active Directory (Windows) Password>
- Private MAC addresses must be disabled (“Use device MAC” on Android, disable “Private Address” on iOS)
EECS-PSK makes use of WPA2-PSK encryption. A password must be entered into the user’s system by the helpdesk before the device can connect. Unfortunately due to the weaker encryption and shared passphrase, EECS-PSK should not be considered secure. EECS-PSK is only for devices such as microcontrollers and SoCs that cannot connect to EECS-Secure, and should not be used for most devices including laptops, desktops, phones, and tablets.
Other 2.4GHz & 5GHz devices
Since there is a real possibility of other radio devices interfering with the wireless network, IRIS regulates the deployment of any other wireless equipment within the EECS service area. This includes both access points and non-802.11 devices.
IRIS networking staff will need to authorize the installation of any new devices using the 2.4GHz or 5GHz frequencies. While this may seem strict, with wireless the scope of research and production networks propagate through the same airspace. Unexpected problems are extremely difficult to detect and pinpoint.