#rev 2020-09-04 davidsch #rev 2018-10-08 hgiger <> = Wireless LAN (WLAN/ WiFi) = == How to connect to the WLAN == 1. Make sure WLAN is activated on your laptop. Some laptops have dedicated keyboard key (usually with a WiFi symbol printed on it) to switch the WLAN antenna on or off. On other laptops that key does not look like a keyboard key, but more like a status LED; however, often it can be touched to switch WLAN on/ off. On some computers the WLAN module could also have been disabled in the BIOS setup. 1. Click on the wireless icon on your desktop (in case of Windows computers, it is found in the tray area of the taskbar) 1. Choose the SSID (to find out which SSID to choose and how to authenticate correctly, have a look at the SSID section below). 1. Depending on the chosen SSID you might first have to open a webbrowser, then attempt to navigate to an arbitrary website. This will lead you to a landing page on which you will have to authenticate first. After successful authentication, your device is granted access to the ETH network and to the Internet. 1. For all connections that require authentication, your ETH ''network password'' must be entered, not the standard ETH login password. All passwords can be reset on [[https://passwort.ethz.ch/|https://passwort.ethz.ch/]]. Please also note that depending on the chosen SSID, a different syntax for the username/ login field must be used (see SSID's section below). == SSID's == || Role ||Use SSID(s) ||Use Login || ||ETHZ Students ||'''eduroam''', eduroam-5 || @student-net.ethz.ch || ||ETHZ, PSI, CSCS, ... employees (private-owned devices) ||'''eduroam''', eduroam-5, eth, eth-5 || @staff-net.ethz.ch || ||ETHZ, PSI, CSCS, ... employees (ETH-owned devices) ||'''eduroam''', eduroam-5, eth, eth-5 || @staff-net.ethz.ch (or use specific VPZ, see next line) || ||ETHZ, PSI, CSCS, ... employees (connect to specific VPZ) ||'''eduroam''', eduroam-5, eth, eth-5 || @.ethz.ch (e.g. @DEPT-staff.ethz.ch) || ||ETHZ short-time-guests ||'''eth-guest''', eth-guest-5 || for one-day guests or self-registered guests. no authentication needed, ''landing page'' for unlimited internet access. Without prior landing page authentication guest devices may only access the following internet sites: VPN(ipsec), www.sbb.ch, www.flughafen-zuerich.ch, www.zvv.ch. guests who are from another university are advised to use the eduroam SSID instead. short-time guests can use 802.1x only in conjunction with the SSID's eth/ eth-5.|| ||ETHZ long-time-guests ||'''eduroam''', eduroam-5, eth, eth-5 || @guest-net.ethz.ch || == SSID notes == * For SSID "eduroam-5" please ''do not use autoconnect''; devices should usually and only autoconnect to the "eduroam" SSID (2.5 GHz). * The SSID's eduoram/ eduroam-5 should be strictly preferred over eth/ eth-5, as eduoroam will also work on other university campuses worldwide. * The SSID's eth/ eth-5 are required instead of eduroam/ eduroam-5 in the following ''exceptional cases'': 1.) for clients that authenticate with host certificates, which is not possible outside of ETH. 2.) for technical accounts or guests, which will not be able to connect outside of ETH. 3.) in buildings where ETH and UZH both have offices and WLAN coverage of both institutions will overlap; using eduroam/ eduroam-5 in these areas means a user cannot predict via which institution's access points his/ her connections will run. If for some reason the user desires his connections be run only via the ETHZ access points, he should only configure the SSID's eth/ eth-5. * The SSID's public, public-5 will be deprecated in future and should no longer be used. = Wired LAN = All UTP sockets in the ITET public rooms and offices are set to 'docking'. What does 'docking' mean? A UTP socket which is set to 'docking' detects the MAC address of any connected device and looks it up in a table (NAC table). In this table, every MAC address is assigned to a specific network by a so called 'NAC profile'. If the device's MAC address cannot be found in the NAC table, the socket will be switched to a default VLAN (network) with restricted access (no internet access without prior authentication). Generally, all ISG D-ITET-managed Linux and Windows workstations/ laptops are registered in the NAC table because they need to be in a specific network (VLAN). That applies for instance to all the Tardis workstations in the public student rooms of D-ITET. == Registering self-managed devices in the ISG D-ITET network (DHCP resp. NAC entry) == For selfmanaged devices (e.g. laptops) NAC table (and DHCP) entries must be configured under the following circumstances: 1. The device needs a fixed IP address or a fixed, globally visible, specific hostname FQDN (fully qualified domain name). 1. The device has to be located in a specific VLAN. It is also possible to register a device for a 'dynamic IP address'. This makes sense, if you don't need to connect to your device using a specific hostname or a fixed IP address. If one of the reasons mentioned above applies to your self-managed device, contact ISG D-ITET (support@ee.ethz.ch). = 802.1x authentication for wireless (WLAN) and wired connections = IEEE 802.1x is a network authentication standard used at ETH for wireless and wired connections. <
><
> When you connect a selfmanaged laptop, whose MAC address has not been registered by ISG D-ITET previously, to a UTP socket, you won't be able to access the network, until you have logged in via the ETH landing page displayed in your webbrowser. This is the same that would happen when attempting to connect to the ETH wireless network using the public/ public-5 SSID's. After authenticating on the landing page, you will have full access to the network. Using the 802.1x standard, you may authenticate your device automatically as soon as it is connected to the network, without any need for landing page authentication. The procedure to configure 802.1x authentication varies between operating systems. Have a look at the following articles: * [[Workstations/Network/Infrastructure/802.1xWindows10|Windows10 ]] - How to configure 802.1x authorization with wireless or wired connections for Windows 7 * [[Workstations/Network/Infrastructure/802.1xUbuntu|Ubuntu ]] - How to configure 802.1x authorization with wireless or wired connections for Ubuntu * [[Workstations/Network/Infrastructure/802.1xMacOS|MacOS ]] - How to configure 802.1x authorization with wireless or wired connections for MacOS == Network debugging == This document addresses D-ITET students. There are a several scenarios why users cannot access ETHZ internet or intranet resources. This section assists you in analyzing the problem. Reasons why you cannot acccess ETHZ network services might be: 1. You are outside ETH and have a connection problem: See "General connectivity problems" (below). 1. You are inside ETH with your self-managed device (laptop). You have poor or no connection to the wireless network: See "General WLAN problems", subsection "WLAN problems at ETHZ" (below). 1. You are at home with your self-managed device (laptop). You have poor or no connection to the wireless network: See "General WLAN problems", subsection "WLAN problems at home" (below). 1. You are inside ETH with your desktop computer and you attempt to use the wired network. You cannot connect; you do not obtain an IP address: See "General LAN problems at ETH" (below). == Solutions == === General connectivity problems === * (a) Please make sure that everything on your side works: * Try to access the Internet. If that fails, * Check your cables/ sockets and other network hardware (switches, routers, ...) * Check your (Cisco) VPN client if you use it. Disable VPN for testing. * (b) If you are able to access the internet: * Try to access the ETH and/ or ISG D-ITET web sites. They should be up almost everytime. If that fails, call the ISG D-ITET support. * Try to access the services you need, e.g. sending email, using svn, receiving e-mail, accessing your home directory. If this fails, call ISG D-ITET support. * (c) Network firewalls as the reason for connectivity problems: * If you run a firewall that blocks or rejects traffic * If try to use a service from outside ETH that is behind one of the ETH firewalls. The latter might also apply when you use the VPN client software. In that case, even though your computer is connected to a specific ETH subnet, the target computer you attempt to connect to is behind another firewall within the ETH network and thus unreachable. Using the VPN does not mean that you can access truly all network resources at ETH! === General LAN problems at ETH === * Check that your computer's network cable is connected to the right socket or switch. Note: some sockets are not connected to the network, in that case you might try to use another network socket or contact ISG D-ITET to connect the failing socket to the network * Check whether your network cable is OK * Also check the section "General DHCP problems" (below) ==== WLAN problems at home ==== The reasons for a poor performance may be: * Some other WLAN is interfering. Make sure your WLAN access point does not use the same channel group as the foreign WLAN access point. Reconfigure your channel group. The channel groups are: 1 - 5, 6 - 10, 11 - 13. Avoid channel groups that are occupied by other access points. * Incompatiblity (encryption): You use a encryption algorithm that does not properly work with the WLAN access point. Reconfigure the encryption. * Loss of signal / weak signal strength: * (a) Try to move the WLAN access point to a better place. Measure the signal strength by walking around in your flat with your laptop running the `netstumbler` software. * (b) There is something disturbing your signal, e.g. other electrical devices, electrically grounded steel girders, ... * (c) Distance and signal strength: If your laptop is too far away from the access point you may lose the signal. * Hardware failure. Check your hardware whether it generally is compatible and if your hardware is working correctly. Comparing network access with other devices (laptops, smartphones, ...) might help to identify the cause. In any of these cases there is not much the ISG D-ITET support can do for you. ==== WLAN problems at ETHZ ==== The reasons for poor performance are basically the same as described in the section (a.) above (WLAN problems at home). However, ETHZ WLAN should be quite stable and highly available. If you experience WLAN connectivity problems at ETH please request help either from ISG D-ITET or directly from the central IT deparment (Informatikdienste, ID). The ID is operates the WLAN at ETHZ. === General DHCP problems === * You use Windows or Linux on your computer or notebook. You have ensured that your computer is connected to the wired network by cable, but you notice that you still don't obtain an IP address. The reasons for this problem may be: * The network plug in the wall is not configured for the network you should receive an IP address from * You have not yet registered your computer with ISG D-ITET. For [[mailto:support@ee.ethz.ch|registration]] we need the following information: MAC address, desired hostname (if one is required) and the operating system running on the device. ---- [[CategoryNET]]