##master-page:HelpTemplate ##master-date:Unknown-Date #format wiki #language en UCC offers its members wireless access to its network and its internet connection. It broadcasts the networks `UCC` (2.4 GHz) and `UCC-5` (5 GHz). It also maintains an IoT WLAN to segregate wireless sensors and other devices from the main network. That network is called `UCC-IoT` (2.4 GHz) and `UCC-IoT-5` (5 GHz). == Windows 11 == Windows 11 has further made it harder to connect to our Wi-Fi by removing any meaningful options from the network menu, so here are the steps to get it working. In addition, TLS 1.3 is required on later versions of 11 due to a bug they don't seem interested in fixing, so we also include a fix for that until we can upgrade the Wi-Fi and samson to support TLS 1.3. 1. Permit an older version of TLS * In the registry, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13, right click and add a new DWORD Value with the name TlsVersion. Then double click the new entry and give it the hexadecimal value fc0. 2. Download and install the [[https://ucc.asn.au/UCC-CA.crt|UCC CA certificate]]. 3. You should now be able to connect with your normal UCC login name and password. If you are having issues past this, check the steps below. 1. Open Control Panel and navigate to the Network and Sharing Centre. 2. Select "Set up a new connection or network" 3. Select "Manually connect to a wireless network" 4. Set "UCC" or "UCC-5" as the network name and "WPA2-Enterprise" as the security type, then hit next. * If it says the network already exists, forget the network in your Wi-Fi menu and start the manual connection setup again from step 3. 5. Then select "Change connection settings" and open the Security tab in the menu that opens. 6. Make sure "Protected EAP (PEAP)" is the network authentication method and click Settings beside it. 7. Ensure that "Secured password (EAP-MSCHAP v2)" is the selected authentication method, then click ok. 8. Select "Advanced settings", and tick the "Specify authentication mode" box. Then select "user authentication" from the drop down menu. 9. You can now close the window and attempt to connect from the normal Wi-Fi menu. It should now prompt you to give your UCC username and password, and will then login normally. === Windows 10 === Microsoft, in its desire to make everyone's lives harder, has removed any easily accessible option to disable certificate validation on wireless networks in a recent-ish update to Windows 10. As a result, there are 2 options to connect to the UCC wifi from Windows 10. * Download and install the [[https://ucc.asn.au/UCC-CA.crt|UCC CA certificate]] and try connecting again. * Simply save the certificate somewhere on your computer, open it and click the "Install" button. * Open "Network and Sharing Center", and find the button option to add a wireless network manually. 1. Enter `UCC` or `UCC-5` as the SSID. 2. Select `WPA2-Enterprise` for the connection security. 3. Do not exit the wizard yet, on the last screen there is a button for "More settings". Click this to open the old Windows 7 interface for configuring wireless networks. * From here you can follow step 3 under the Windows 7 section below. === Windows 7 === The following process will allow you to connect from a Windows 7 machine. The same or a very similar process will probably hold for other cases. 1. From the taskbar or control panel, open the Network and Sharing Centre, then click "Manage wireless networks". 1. "Add" a new wireless network, manually, with name "UCC", with WPA2-Enterprise security and AES encryption. 1. From the next screen, click change settings. From the security tab: a. Click change settings. Ensure: A. "Validate server certificate" is unchecked. A. Authentication method is EAP-MSCHAP v2. A. From the settings button next to authentication method, "use Windows login information" is not checked. a. Click "Advanced settings". Ensure: A. "Specify authentication method" is checked. A. The authentication method is "user authentication". You can save your credentials here if you like. 1. You should now be able to connect with your normal UCC login name and password. === Other OSs === Probably just works (tm), choose PEAP-MSCHAPv2 or similar and your username/password. === Technical Setup === There are a number of wireless access points around Cameron Hall run by UCC. These include: * `smallwing`, a very nice new (June 2018) Ubiquiti Unifi nanoHD which is the main source of WiFi in the clubroom. * `abe`, a 2.4GHz MikroTik "RouterBoard" device stuck to the wall above the cable housing in UWAnime. Until some time in May 2018, UCC also had a public wireless network which was broadcast from the top shelf of a rack in the machine room by `clearwing` a 2.4 GHz 802.11g device. It has since been deprecated and may be found somewhere in the machine room. The UWA IT department, sometime shortly prior to 2018, decided to install 4 Unifi access points in Cameron Hall. Previously, UCC was the only source of wifi in Cameron Hall. Currently the 2.4 GHz spectrum is thoroughly congested and there are no unused channels. In December 2019, the UCC IoT network was added to both `smallwing` and `abe`, broadcasting as `UCC-IoT` and `UCC-IoT-5`. It currently doesn't do anything, but will Very Soon (tm). All UCC wifi networks in the clubroom are served by `smallwing` (`192.168.2.21`), which runs Ubiquiti's custom Linux distribution. There is a management interface installed on the container `salmon` (currently running on [[Medico]]) which can be accessed internally as [[https://salmon.ucc.asn.au:8443/]]. `smallwing` is powered using the PoE injector which it came with, using 802.3af PoE. The fancy new-old switch [[Kerosene]] supports 802.3af/at PoE, so it would be quite possible to power the AP directly from the switch if it was set up to do so. `abe` serves the authenticated wifi network `UCC` in the other clubrooms and run MikroTik's RouterOS with an administrative web interface on `192.168.2.34`. It also serves the IoT network `UCC-IoT` to the rest of Cameron Hall. `coromandel` is a 2.4/5GHz-capable device currently on the TV cabinet in UniSFA. It runs OpenWRT, and is available at `192.168.2.20` on VLAN 1 or via the name `coromandel.ucc.asn.au`. Right now, it's basically acting as a glorified 5-port switch. ` == Spare devices == A few devices are lying around which aren't currently in use. These include: * `clearwing`, the old 802.11g router used for the public wifi. * An unnamed device branded "RouterBoard", likely of the same variety as `abe` and `sharpchin`. == Faulty Devices == * `sharpchin`, a 2.4GHz MikroTik "RouterBoard" device formerly located on a shelf in UniSFA, with management IP `192.168.2.31`.