Differences between revisions 65 and 66
Revision 65 as of 2020-09-04 11:25:40
Size: 11328
Editor: davidsch
Comment:
Revision 66 as of 2020-09-04 11:26:14
Size: 11327
Editor: davidsch
Comment:
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
 1. Depending on the chosen SSID you might first have to open a webbrowser, then attempt to navigate to an arbitrary website. This will lead you to a landing page on which you will have to authenticate first).  1. Depending on the chosen SSID you might first have to open a webbrowser, then attempt to navigate to an arbitrary website. This will lead you to a landing page on which you will have to authenticate first.

Contents

  1. Wireless LAN (WLAN/ WiFi)
    1. How to connect to a WLAN
  2. SSID's
  3. Notes
  4. Wired LAN
    1. Registering selfmanaged devices in the ISG network (DHCP resp. NAC entry)
  5. 802.1x authorization for wireless (WLAN) and wired connections
  6. Network debugging
    1. Solutions

Wireless LAN (WLAN/ WiFi)

How to connect to a WLAN

  1. Make sure WLAN is activated on your laptop. Some laptops have dedicated keyboard key (usually with a WiFi symbol printed on it) to switch the WLAN antenna on or off.

  2. Click on the wireless icon (in case of windows machines in the taskbar)
  3. Choose the SSID (to find out which SSID to choose and how to authenticate correctly, have a look at the SSID's section below).
  4. Depending on the chosen SSID you might first have to open a webbrowser, then attempt to navigate to an arbitrary website. This will lead you to a landing page on which you will have to authenticate first.

SSID's

Role

Use SSID(s)

Use Login

ETHZ Students

eduroam, eduroam-5

<username>@student-net.ethz.ch

ETHZ, PSI, CSCS, ... employees (private-owned devices)

eduroam, eduroam-5, eth, eth-5

<username>@staff-net.ethz.ch

ETHZ, PSI, CSCS, ... employees (ETH-owned devices)

eduroam, eduroam-5, eth, eth-5

<username>@staff-net.ethz.ch (or use specific VPZ, see next line)

ETHZ, PSI, CSCS, ... employees (connect to specific VPZ)

eduroam, eduroam-5, eth, eth-5

<username>@<YourOfficeVPZ>.ethz.ch (e.g. <username>@itet-staff.ethz.ch)

ETHZ short-time-guests

eth-guest, eth-guest-5

for one-day guests or self-registered guests. no authentication needed, landing page for unlimited internet access. no connection encryption! ip-range of such guest devices will not be contained in "ETH-Intern" network statement and thus such devices will not have access to any other ETH VPZ's, except for those whose traffic from the eth-guest network is explicitly permitted in the department's individual VPZ firewall rules. Without prior landing page authentication guest devices may only access the following internet sites: VPN(ipsec), www.sbb.ch, www.flughafen-zuerich.ch, www.zvv.ch. guests who are from another university are advised to use the eduroam SSID instead. short-time guests can use 802.1x only in conjunction with the SSID's eth/ eth-5.

ETHZ long-time-guests

eduroam, eduroam-5, eth, eth-5

<username>@guest-net.ethz.ch

Small embedded devices

IoT

PSK-only; for devices that don't support other authentication/ encryption types

Notes

  • For all connections that require authentication, your N.ETHZ network password must be entered, not the standard N.ETHZ login password. All passwords can be reset on https://passwort.ethz.ch/

  • For SSID "eduroam-5" please do not use autoconnect; devices should usually and only autoconnect to the "eduroam" SSID (2.5 GHz).

  • The SSID's eduoram/ eduroam-5 should be strictly preferred over eth/ eth-5, as eduoroam will also work on other university campuses worldwide.

  • The SSID's eth/ eth-5 are required instead of eduroam/ eduroam-5 in the following exceptional cases: 1.) for clients that authenticate with host certificates, which is not possible outside of ETH. 2.) for technical accounts or guests, which will not be able to connect outside of ETH in near future (when IAM replaces N.ETHZ account management). 3.) in buildings where ETH and UZH both have offices and WLAN coverage of both institutions will overlap; using eduroam/ eduroam-5 in these areas means a user cannot predict via which institution's access points his/ her connections will run. If for some reason the user desires his connections be run only via the ETHZ access points, he should only configure the SSID's eth/ eth-5.

  • The former SSID's public, public-5 will be deprecated in future and should no longer be used.

Wired LAN

All UTP sockets in the public rooms and offices are set to 'docking'. What does 'docking' mean?

A UTP socket which is set to 'docking' detects the MAC address of any connected device and looks it up in a table (NAC table). In this table every MAC address is assigned to a specific network by a so called 'NAC profile'. If the detected MAC address can't be found in the NAC table, the port will be set to the ETH network, or more precisely, to the same network as all the wireless devices are connected to (eth, eth-5).

Generally all ISG-managed Linux and Windows devices are registered in the NAC table because they need to be in a specific network (VLAN), e.g. all the tardis workstations in the student rooms, which are fix in the Linux network.

Registering selfmanaged devices in the ISG network (DHCP resp. NAC entry)

For selfmanaged devices, e.g. laptops, NAC table (DHCP) entries can be made for the following reasons:

  1. The device needs a fix assigned IP address resp. FQDN (Fully Qualified Domain Name)
  2. The device has to be located in a specific VLAN

It is also possible to register a device for a 'dynamic IP address'. This makes sense, if you don't need a FQDN resp. a fixed IP for your device.

If you use a selfmanaged laptop and one of the above mentioned points applies to you, write to 'support@ee.ethz.ch'.

802.1x authorization for wireless (WLAN) and wired connections

IEEE 802.1x is a network authentication standard used at ETH for wireless and wired connections.

Normally when you connect a not ISG registered selfmanaged laptop to an UTP socket which is set to 'docking', you won't be able to get network access, until you have logged in via the ETH landing page displayed by your webbrowser. In other words, the same behaviour as connecting to the ETH wireless network. After logging in via landing page, you will have full access to the network.

This article shows you how to configure the wireless and wired network interface of your laptop in a way that 802.1x authorization is made automatically in the background, without using the ETH landing page.

  • Windows7 - How to configure 802.1x authorization with wireless or wired connections for Windows 7

  • Ubuntu - How to configure 802.1x authorization with wireless or wired connections for Ubuntu

  • MacOS - How to configure 802.1x authorization with wireless or wired connections for MacOS

Network debugging

This document addresses the D-ITET students. There are a few scenarios why users cannot use ETHZ, departmental or institution al internet or intranet services. This document tries to help you to analyze the problem.

The reasons why you cannot use our services may be:

  1. You are outside the ETH and have a connection problem: General connection problems.
  2. You are inside the ETH with your WLAN capable notebook. You have poor or no connection to the wireless network: General WLAN problems.
  3. You are at home with your WLAN capable notebook. You have poor or no connection to the wireless network: General WLAN problems.
  4. You are inside the ETH with your computer and you want to use the wired netwo rk. You cannot connect; you do not get an IP address: General DHCP problems. Keywords below: - General connectivity problems - General WLAN problems - General DHCP problems

Solutions

1. General connectivity problems

a. Please make sure that everything at your end works:

  • Try to surf the internet. If you fail,
  • check for connectivity to the internet
  • check your cabling
  • check your VPN client if you use it. Disable VPN for testing.

b. If you can surf the internet,

  • try to access the ETH and/or ISG.EE web sites. They should be available at all times. If this fails, call the ISG.EE support.
  • try to access the services you need, e.g. sending email, using svn, getting mail, accessing your home directory. If this fails, call the ISG.EE support.

c. Firewalls. If you

  • run a firewall that blocks or rejects outgoing traffic
  • you try to use a service that is firewalled on ETH side

2. General WLAN problems @home or @ETH

WLAN @home

The reasons for a poor performance may be:

  • some other WLAN is interferring. Make sure your WLAN access point does not use the same channel group as the foreign WLAN access point. Reconfigure your channel group. The channel groups are: 1 - 5, 6 - 10, 11 - 13. Avoid channel groups that are occupied by other access points.
  • Incompatiblity (encryption): You use a encryption algorithm that does not properly work with the WLAN access point. Reconfigure the encryption.
  • Loss of signal / weak signal strength:

a. Try to move the WLAN access point to a better (higher) place. Use your notebook's wlan adapter and a software called netstumbler to measure the signal strength by walking around in your flat.

b. Try to configure a stronger signal on both, your notebook and the WLAN acccess point.

c. There is something weakening your signal, e.g. electrically grounded steel girders.

d. Distance and signal strength: If your notebook is too far away from the access point you may lose the signal. This can happen after a few meters if there are signal dampers between the access point and your notebook.

  • Hardware failure. Check your hardware whether it generally is compatible and/or whether your hardware is working correctly. This can be done using replacement hardware.

In any of these cases there is not much the ISG.EE support can do for you.

WLAN @ETHZ

The reasons for a poor performance are basically the same as described in the section a. above (WLAN problems @Home). However, the ETHZ WLAN should be stable at all times. If you experience WLAN connectivity problems at the ETH please request help either from the ISG.EE or directly from the ID. The ID is responsible for the WLAN @ETHZ.

  • SSID public/ public-5: These SSID's are publicly available. You do not need to register your notebook. Once your notebook is associated to an access point you must use the VPN software and your n.ethz username and password to authenticate at the VPN gateway. Once authenticated you may use the intranet / internet services.

  • SSID eth/ eth-5: These SSID's are not publicly available. Please see: https://www1.ethz.ch/id/services/list/network/wifi/config_EN

If you experience problems with the WLAN @ETHZ, please ask either the ISG.EE or the IDfor assistance.

3. General DHCP problems

a. You use Windows or Linux on your computer or notebook. You have made sure that your computer is connected to the wired network by cable. You notice that you do not receive an IP address. The reasons for this problem may be:

  • The network plug in the wall is not configured for the network you should receive an IP address from

  • You did not register your computer at the ISG.EE. For registration we need the following information: MAC address, hostname and the operating system.

CategoryNET

Workstations/Network/Infrastructure (last edited 2023-10-16 11:07:38 by alders)