Secure Wireless Corporate SSID

Similar Messages

• Configuring the iPhone and your environment for wireless corporate email

  I'm posting this as a top level thread, because I'm certain that there are others out there, who like me, are trying to figure this out.
  Configuring the iPhone for Enterprise Use
  With Apple’s release of the iPhone, IT organizations are presented with an interesting challenge. Senior execs, gadget heads, and technoratti are all flocking to this device, heralded as the be all and end all of smartphone telecommunications technology. As these devices begin to flood into our organizations, we are met with the challenge to ‘make it work’.
  After much explaining that the iPhone is not intended for Enterprise integration, and many discussions surrounding the technical feasibility of bringing said devices into the fold, and being the resident Mac and Linux head with an iPhone in hand, I decided to embark on the mission of making one ‘work’. I succeeded in part, however it’s not the kind of ‘work’ that is going to be viable for most end users.
  First of all, it’s important to understand that the email client for the iPhone is a modified version of Mac’s Mail program. Not the best client in the world, but it does support Exchange integration. It also does external email sources, such as Yahoo and gMail, very well. For my interest though, I’m focusing on the Exchange integration functionality, as that is just about everyone’s corporate standard.
  Bringing this task to fruition requires some understanding about the limitations of the iPhone, as well as some of its current quirks. Wireless802.11x, EDGE, VPN and Mail are all components necessary to provide a serviceable solution for mobile email access, and each of these things has some peculiarities that don’t appear to be fully worked out by Apple at this time.
  For instance, within my organization, we have a secured wireless connectivity option available within our building; however, the SSID of this network is not broadcast, for the obvious reasons. SO, connecting the iPhone to it is a manual process of defining the network, and automatic reconnection seems to be very hit or miss, so it becomes far less of an option for any form of direct network access to your Exchange environment. (As an example, I had to redefine that network, on the iPhone, at least half a dozen times during this process.)
  The other components have equally quirky issues, and I will discuss the how’s to get around them below.
  In coordinating this into a cohesive plan however, I will break this into three sections;
  1. Wireless and EDGE connectivity
  2. VPN access to your network
  3. Connecting to Exchange
  So, without further ado;
  Wireless and EDGE Connectivity
  The wireless capabilities of the iPhone are, on the surface at least, excellent. It connects seamlessly to unsecured networks, offers the option of prompted or unprompted automatic connectivity, and is capable of 802.11G performance. Not bad for such a small package. However, it is very limited in the forms of secure network access it supports. These are, to quote Apple’s website; (and my iPhone)
  WEP Password
  WEP hex or ASCII
  WPA (personal)
  WPA2 (personal)
  Now, due to the obvious security problems in implementing WEP security, it’s likely that any network you run into is going to be WPA or WPA2. The iPhone ONLY supports the personal versions of these protocols, so be aware of this going into the situation. If you’re not connecting to your work or school wireless, and you’re entering the information correctly, then it’s probably because they have the Enterprise version of one of the protocols enabled. If that is the case, then you’re either hunting for unsecured hotspots, or else depending on EDGE.
  In my case, I did have access to a WPA2 (Personal) enabled wireless signal to connect to my internal network. I thought my problem was half solved! I defined the connection, the wireless capability of the phone worked perfectly, and I was connected. I was wrong. Apparently, and judging from the Mac forums I’m not alone in this, the iPhone does not do a very good job of RE-connecting to a secured wireless network. It does an even worse job, when this is coupled with the fact that it doesn’t do a very good job reconnecting to a wireless network with an unpublished SSID.
  After much fiddling and research into this, I determined that this simply was not the way to go, and I abandoned the idea. I wasn’t about to compromise my network security in order to get this silly phone working! So, that left me with either unsecured WiFi, or EDGE.
  Either one of these connects pretty seamlessly, and gives me a relatively decent Internet connection. There are some issues being reported of the iPhone swapping between EDGE and WiFi for not apparent reason, but that said, it can still be made to work.
  Now that I had this connection outside of my network, I obviously had to consider options for getting a secured connection into my network, which of course leads us to;
  VPN Access Into Your Network
  Being that this device was touted as the ‘real internet’ I was very excited to see if I could achieve this connection through my SSL VPN appliance. To make a long story short, I could not. Because Apple’s idea of the ‘Real Internet’ apparently does not include those wacky concepts like Java support, this proved to be impossible. My Apple cohorts will scream that it does support JavaScript, but we all know that that and 2 bucks will get you a small coffee at Starbucks… and not much more.
  (The iPhone also does not support Flash, but that’s a topic for another conversation. I know, how could they leave that out? I’m amazed too, but then Steve Jobs always has been a bit too arrogant for his own good… I mean what does he expect, we’re all going to rewrite everything into QuickTime??? Please.)
  Since that option didn’t work, I was left with the wide selection of two possibilities provided within the iPhone software. Either, a PPTP or L2TP VPN tunnel.
  We went ahead and configured a PPTP connection on one of our Cisco routers in order to test this. It didn’t work. I couldn’t connect to it. Tried and tried. Nada. SOOOO, we said OK, and configured a L2TP connection on one of our Cisco routers, with similar results.
  Figuring that this was something in the config, we called Cisco, and did the technical support dance with them for several days, trying one thing after another to get this connection to actually work. Nothing helped, and it never worked using either protocol. Then, I noticed an obscure article somewhere on some website that said something to the effect that getting one of these tunnels to work from the iPhone to Cisco was nigh on impossible.
  About the same time, my senior network guy said screw it, let’s put this on a Microsoft server. And so we did. Now, this is interesting in it’s own right, because configuring out of the box L2TP or PPTP on a Microsoft server results in a default authentication method of Windows Authentication. This does not work for the iPhone, because it has no idea what to do with the Windows security token it receives. So, you authenticate, and then are immediately dropped due to an inability to communicate with the PPP server.
  Fortunately, we (as do most organizations) have a Radius server. We selected Radius authentication, configured both sides of the Radius authentication setup properly, and launched the PPTP tunnel…. AND…. EUREKA!!! The iPhone’s VPN software connected, authenticated, got an IP, and I was on the network! Well, no.
  After about 2 seconds, I realized that while I did indeed have a connection, I couldn’t do anything with it. Couldn’t even browse to an internal site via IP address. The connection was up, the connection was working, the connection was useless.
  So, we decided to give L2TP a shot. Configured it pretty much identically to the PPTP setup, used Radius, launched the iPhone client, and finally, after many days of screwing around, it worked. Now all I needed was to get my email working, so I started working on;
  Connecting to Exchange
  In the Mail program on the iPhone, the first time you launch it, you’re presented with the ability to configure an email source. However on subsequent or additional accounts, you must go under Settings, Mail to get to this functionality.
  Going into the Mail configuration, I selected an additional account, the account type is, of course, Exchange. The configuration components are pretty obvious, however some things of note are;
  Do NOT include your domain information in the User Name field
  For all Host Names, use the fully qualified domain name of the server, or else IP
  You WILL need to have SMTP enabled somewhere in order to send email
  Anyway, I set all this up, and nothing happened. It said that my server was not responding. Did a little research, and it turns out that the only way to connect to Exchange is through an IMAP4 connection, and just in case you didn’t know, IMAP4 is disabled by default, so you have to enable and configure it.
  Went onto the Exchange server, set the service to Auto, Started the listener, and finally, at long last, EUREKA! I finally had Corporate email on my iPhone, connecting securely, and not sending anything plain text anywhere. Hooray!
  Now for the problems with this solution;
  First of all, it depends upon VPN access into your environment, something that you may or may not be comfortable with. One good thing is that the iPhone does prompt for password to reconnect, and will tie the continuity of the VPN connection into the general phone lock security, such that an inability to provide the appropriate access code to a locked phone results in the VPN not being accessible.
  The VPN of course is dependant upon a reliable network connection. I’ve noticed that it’s somewhat graceful in switching between WiFi and EDGE, however it’s not totally graceful, and you can experience some hinky things, like being able to send and not receive, or the mail client saying ‘Connecting’ for about 5 minutes before it figures things out.
  The best cure for this is to simply stop and restart the VPN connection. Note that when you reconnect, the first attempt will prompt you for a numeric password, this is meaningless unless you have the device lock turned on. Just enter anything. (I think this is another bug) THEN it will re-prompt you for your real VPN password.
  This solution for email delivery is obviously dependant upon the VPN connection being active. I’ve noticed that at times the iPhone will disconnect the VPN (probably when service switching) and not bother to mention it. When that happens, of course the VPN must be restarted.
  For the lazy, this is an inconvenient solution because while it would appear that the iPhone will cache the VPN password, in fact it will not. That means that each re-launch requires that you re-enter your password. Not terrible for me, but I could see it being very tedious for the average corporate user.
  The OSX Mail client has several little deficiencies, which may or may not impact your use of the device in this manner. For instance, if you have subfolders defined for your inbox, and server side rules to move mail into them, then you will not see any synchronization of that mail until you actually select the subfolder. Also, since there is such poor management of attachments and downloads, moving anything around via email on this device is nigh on impossible.
  EDGE access to your corporate email, via a VPN, is a bit sloooooow. It works, it’s certainly fast enough for my purposes, but it’s not the slick quick access that we’ve all become accustomed to with Blackberry and Good devices. The lack of 3G support becomes a very noticeable shortcoming here.
  (Why Apply didn’t simply partner with Good Technologies to crank out a client for this thing, I’ll never understand, but I guess you can refer to my comment above about certain people’s arrogance.)
  The biggest problem of all of course is that it’s simply klugey. I hate klugey. But, with the capabilities at this device’s disposal, and given Apple’s ambitious, if a bit idiotic, stance that no third party will develop software for the iPhone, then this is about as good as it’s going to get for now.
  It is my understanding that overseas there is some initiative underway to provide a more seamless Visto or Synchronica integration for enterprise email. However, given Apple’s unbelievably restrictive agreement with ATT regarding this device and the OTA necessity of delivering the client, I seriously doubt if we’ll see this in the near future in the US.
  But I digress, so…
  In Conclusion
  This solution is not for the faint of heart, it doesn’t work all that well, and it has way too many moving parts that are subject to failure. However, I would say that this solution is serviceable for the corporate technology professional who needs email, and really, REALLY wants the other features of the iPhone. (ie, phone whores such as me.) It requires patience, it requires an understanding that this is not a 100% thing, and there definitely needs to be a prebuilt expectation that this device will not serve your email in anything approaching the manner to which you’ve become accustomed.
  As long as all of that is okay though, then go right ahead, set it up, and enjoy!
  The Short Version;
  (I put this at the end because I want everyone to feel my pain!)
  Wireless:
  Use unsecured wireless or EDGE. Secured wireless may be serviceable as long as the SSID is broadcast, but there are known issues with this.
  VPN:
  L2TP, shared secret, running on Microsoft server, with Radius. (May work elsewhere, but doesn’t seem to run on Cisco at all) Accounts enabled for external access.
  Exchange:
  Configure IMAP4 Virtual Server on your Exchange environment, ensure that you have some SMTP resource for outbound email, use fully qualified domain names for all servers (or IP) in the mail config and do not include any domain prefix or suffix for user accounts.
  The BIG Disclaimer at the End
  Please note that all of this is provided ‘as is’. It worked for me, and I hope it works for you. To my knowledge, it’s not endorsed by Apple, and I’m not in the business of providing support for this thing. If it breaks something, if it doesn’t work, or if you simply don’t like it or me, I don’t care. However, if you have a question, and I’m not busy, and I feel like answering, I may lend a hand. You can email me at
  Matthew dot Yotko at mac dot com
  Don’t be surprised or offended if I don’t answer. Also, understand that I don’t check this address every day… Maybe a couple times a week.
  Macbook Pro   Mac OS X (10.4.10)   iphone

  Thanks, now I understand why the wifi keeps dropping. On my personal wireless network, it also seems the distance from the access point is not good compared to my laptop. At work our network & exchange teams don't seem to have the desire to struggle with this "toy" until customers start forcing its adoption. I am using OWA and it works fine over EDGE. I will share your posting with them.
  Thank you again.
  Dell   Windows XP Pro

• HP Deskjet 3050 - Unable to connect to WPA secured wireless network

  Hello,
  My first post here so please excuse any faux pas on my part.  I bought this HP Deskjet 3050 a week ago and have been waging war with it ever since.  I'd be really grateful if someone could possibly advise on how I can resolve this.
  I am unable to connect the printer to my secured wireless network, even though other computers, cell phones, etc. are connected without issue.  I have tried WPA, WPA2 and WPA2-Mixed security modes with the same failure. Specifically, the connection wizard reaches 66% and then displays the error that the wizard is unable to find network/printer.  If I disable the security, the printer connects fine.
  I'm using a Linksys WRVS4400N router with firewall and associated firewall settings disabled.  The router is broadcasting on 802.11G/N mixed mode.
  I'm installing the software supplied on the setup CD on a Windows XP SP3 system.  I have confirmed that the network the PC and printer are connected to are the same.
  A question as well, if I may:  I haven't tried these drivers yet but I see there are updated drivers for the printer dated 14/12/2010.  The release notes indicate improved networking, but don't elaborate beyond this.  Does anyone know if there was a known problem with connecting to secured networks that has now been fixed?
  Finally, just a note that I'm partially sighted and am using a screen reader on all systems.  I'll try my best to be as helpful as I can but please do excuse me if I occasionally can't find settings, etc. on screen and need a bit more detailed help.
  Thanks in advance for your help, which I really will appreciated.
  Have a pleasant day,
  All the best for now and take care,
  Hussein.
  It's not the fact it can't be done, it's the fact it hasn't been done, yet.
  This question was solved.
  View Solution.

  HI,
  firstly, apologies for the delay getting back to you.  Poor health has meant I've had little time nor inclination to do much on the computer side of htings.
  Anyway, I'm please to say the problem with the HP 3050 failing to connect to my network is now solved.  It seems to be a bug with the setup software, and that seems to include the latest version posted Dec 2010.
  To resolve the problem, I did the following:
  1. Disable all security options for the network, so it's just an open network.
  2. Connect the HP 3050 to the network using the setup wizard. This time it connected OK for me.
  3. Locate the printer's IP address.  I used the client list table accessed through my router's interface. You may be able to get this through the printer's on-screen menu, but as I'm partially sighted, this wasn't an option for me.
  4. Log into the printer's control panel at http://ip.address.of.printer e.g. http://192.168.2.108
  5. Under the advanced options, configure the settings for the network, including security protocol and passphrase.  Remember to enter the SSID of the network exactly as configured on the router.
  6. Apply the settings and log out of the printer's control panel.
  7. Log back into the router's control panel and re-apply the security options.  Be sure that they match those match those entered for the printer.
  Hopefully this will be of use to others in the same position.
  Thanks again for your time.
  Best,
  H.
  It's not the fact it can't be done, it's the fact it hasn't been done, yet.

• Unable to connect to a secure wireless network - Event ID: 8002 Task Category: AcmConnection..., Event ID: 11006, Event ID: 11006

  Hi, 
  I have a Dell Latitude E6440 running Win 7
  Enterprise 64 on a domain. It will connect to any unsecured network, and it can see the secured network in the list when I click the wireless connection icon on the system tray. When I go to manage wireless networks, the secured network does not show
  up (and thus, I cannot delete the network to try to re-add it). Normally, we would add the secure network here. I click Add, give the name in the correct syntax, add the needed information (WPA/2-Enterprise, EAS or TKIP), and hit Next, it immediately returns
  with "An unexpected error occurred". A similar thing happens when I hit Connect from the list of available networks that pops up when I open the system tray icon: it says it was unable to connect, when I hit troubleshoot, it says that it could not
  identify the problem. The event log shows the error below. I haven't been able to find any resolutions here or elsewhere that address the fact that I can connect to unsecured wireless networks, but not secured wireless networks.
  Other notable troubleshooting steps:
  Uninstalled/Reinstalled wireless adapter with the latest driver
  Other laptops are able to access the same secure wireless network
  The first WLAN-AutoConfig error in the event log was Event ID: 12013, attempting a 802.1x authentication. Then Event ID: 11006; stating "Explicit Eap failure received". After a few days of alternating all 3 errors, they started to only error on
  Event ID 8002.
  Log Name:      Microsoft-Windows-WLAN-AutoConfig/Operational
  Source:        Microsoft-Windows-WLAN-AutoConfig
  Date:          6/4/2014 11:53:55 AM
  Event ID:      8002
  Task Category: AcmConnection
  Level:         Error
  Keywords:      (512)
  User:          SYSTEM
  Computer:      [COMPUTERNAME.DOMAIN]
  Description:
  WLAN AutoConfig service failed to connect to a wireless network.
  Network Adapter: Intel(R) Centrino(R) Advanced-N 6235 Interface GUID: {f27af762-dff8-4927-84e0-7f4ade30dcc9}
  Connection Mode: Connection to a secure network without a profile Profile Name: [SECURE NETWORK NAME]
  SSID: [SECURE NETWORK SSID]
  BSS Type: Infrastructure
  Failure Reason:The specific network is not available.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580D7DD-0379-4658-9870-D5BE7D52D6DE}" />
      <EventID>8002</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>24010</Task>
      <Opcode>191</Opcode>
      <Keywords>0x8000000000000200</Keywords>
      <TimeCreated SystemTime="2014-06-04T16:53:55.956762800Z" />
      <EventRecordID>1475</EventRecordID>
      <Correlation />
      <Execution ProcessID="432" ThreadID="5348" />
      <Channel>Microsoft-Windows-WLAN-AutoConfig/Operational</Channel>
      <Computer>[COMPUTERNAME.DOMAIN]</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data Name="InterfaceGuid">{F27AF762-DFF8-4927-84E0-7F4ADE30DCC9}</Data>
      <Data Name="InterfaceDescription">Intel(R) Centrino(R) Advanced-N 6235</Data>
      <Data Name="ConnectionMode">Connection to a secure network without a profile</Data>
      <Data Name="ProfileName">[SECURE NETWORK NAME]</Data>
      <Data Name="SSID">[SECURE NETWORK NAME]</Data>
      <Data Name="BSSType">Infrastructure</Data>
      <Data Name="FailureReason">The specific network is not available.</Data>
      <Data Name="ReasonCode">163851</Data>
      <Data Name="ConnectionId">0x6</Data>
    </EventData>
  </Event>

  check this article:http://technet.microsoft.com/en-us/library/cc735927(v=ws.10).aspx
  also could contact your domain administrator to ask for help.

• Simple Plug and Play Secure Wireless?

  I am trying to setup a simple way to have wireless users on our network be able to connect to our access points, authenticate to our ACS Server (Cisco Hardware ACS applicance) but without having to go through special configurations on the client. This needs to be secure too and not easily broken. We are using Cisco 1200 and 1300 802.11G AP's and the clients vary from having integrated wireless NIC's to running Cisco Wireless cards, to running other branded cards. We are currently using PEAP, but it is time consuming to configure and sometimes confusing to the users. I was thinking of switching to open authentication on a isolated subnet and using a Cisco BBSM (Building Broadband Service Manager) to securely connect to our network, but Cisco just made this device end of sale, end of life, so I'm hesitant to go this route. WPA/WPA2 or some of the other PEAP/EAP/LEAP are configuration intensive too. Any suggestions? Does cisco have anything to replace the BBSM? What about PPOE? Would this be an alternative? Can I use a router or firewall to terminate these connections or would I need a specialized server or other device? I really need a simple way to securly connect end users to our wireless network without any undue configuration on their end.

  Probably the easiest would be to keep the wireless communications open, and use a VPN concentrator running to an SSL VPN client on the laptops/pcs.
  All they'd have to do is aim their browser that the VPN gateway, and allow the SSL client to be downstreamed to their computer.
  Beyond that, use your BBSM proxy or provide user auth at the VPN concentrator.
  Leave the SSID in broadcast mode ("guest").
  With this system, most clients can find the wireless system (SSID broadcast), the encryption via the SSL VPN is very strong, and there'd be no real configuration for the clients. Just aim the browesr at the VPN gateway/concentrator and enter the username and password.
  Also, make sure you enable "Public Secure Packet Forwarding" (PSPF) to prevent one client from attacking other clients on te wireless LAN.
  Users that use the system on a regular basis could get / use certificates for authentication. If they're on the system a lot, then the minor grief of setup would be worth it.
  The SSL client uses Java, I believe, so it should be fairly universal (i.e., not platform specific). I haven't tried te SSL client n any system other than MS Windows so I can't really comment on *nix or Mac.
  The SSL gate ( 3000 series) that we use for our Lab access seems to work pretty well.
  Good Luck
  Scott

• Wireless vs secured wireless

  I am encountering a problem where one of my laptops will not see the secured wireless linksys connection.  It sees linksys, but only the unsecured.  So far, I have gotten the other computers in my home to see the secured network, I then enter the password and it connects fine.  However, for this one laptop, it will not find teh secured network.  Anyone have any suggestions?
  James

  Fun story as to why you should never use the default SSID:
  My friends and I were renting a house together one year and were just setting up our wireless network. We had a fresh router set up at a spot where we could all get pretty good reception, then we went to secure it. We were not the only ones with an SSID of "Linksys", so we chose the one with the better signal, assuming it was ours. It wasn't. It was our neighbor's unsecured network. We, of course, did not realize this as we secured it.
  It took us a day or two to realize our mistake, and we gave our neighbors their wireless network back.

• What is the number for Verizon Wireless  Corporate Customer Service Complaint for CA

  My Complaint:  I have been a Verizon Wireless customer for approx 20 years.  I called customer service to seek an early upgrade for my daughter's phone. She is away in college and her phone is malfunctioning.  She is eligible for an upgrade in approx 6 weeks so I did not want to spend the money on a replacement phone when since we were planning on updating to something newer.  The customer service rep to me they could not do the early upgrade an to call back in a few weeks. After explaining this was unacceptable (I do not like the idea of a young female being out of state and away from home with no reliable means of communication), she places me on hold to later return with the only offer of  I must purchase a new device through her ( over the phone) which will be shipped to me, the phone was priced $100.00 more than the online price (they will not price match), plus i must pay $30.00 upgrade fee, $35.00 activation fee and taxes on the retail price of the phone.  I am upset and disappointed with the quality of service provided by Verizon being a 20 year customer.  If not for the seriousness and urgency of this matter, i would not have asked for an early upgrade.  It is times such as these that you get to see how much of a "valued customer" you really are.   I guess you are valued as long as you pay your bill and continually  purchase their products.  I would like to speak with someone from Verizon's corporate or customer relations department.  As of now I am really considering changing my service to a different provider.  I have multiple accounts with Verizon and i will canx each after the current contract committment expire (starting with my daughter's phone which expires in 6 weeks) In the meantime I will go purchase her a new phone with someone else and take comfort knowing she will have reliable communication.

  I started with them in 1985. It has been wonderful service but very expensive. They seem to operate on day of deposit day of withdrawal. That means that I have no benefits nothing beyond the normal customer if I don't pay my bill they shut me off. That's why I have switch to another provider and I have better service lower cost and better phones. you can't beat  other providers I mean it. Please don't expect more from verizon other than a "pay me more money and I'll do what you want" because it's all about money. Read the transcripts from current Verizon employees all over the internet. The company is going down and they're taking customers with them.
  msvat <[email protected]> wrote:
  msvat  created the discussion
  "What is the number for Verizon Wireless  Corporate Customer Service Complaint for CA"
  To view the discussion, visit: https://community.verizonwireless.com/message/1113982#1113982
  >

• Connecting with secure wireless

  Hi, this is my 1st venture with an apple computer but I seem to have hit a wall already.
  I am using a wireless G unbranded router that is secured by a 10 digit WEP passcode, it can also be set up to use WPA but I had trouble with the vista laptop that connects to the network using WPA, there is also an XP laptop which will connect using either. I believe the WEP is only 64 bit so I'll try upping it to 128 and see what happens. For information there are 3 laptops that need to connect all with different operating systems, OSX, XP & Vista.
  The problem is my MBP doesn't like the secured connection, it will connect wirelessly if the connection is unsecured or it will connect via ethernet so I know it can communicate with the router.
  If I secure the connection by WEP then it says connection failed or if I do it by WPA then it says connection timed out, at no time does it have trouble seeing the network.
  Does anyone know what i need to do to get it working. I believe the WEP is only 64 bit so I'll try upping it to 128 and see what happens but does anyone else have any other ideas?
  Many thanks
  James

  Right I am very pleased to say that I am typing this on my secured wireless connection, I could go on about how much I'm loving the laptop but I'm sure you already know.
  I have noticed that when I reboot or put it to sleep that when it comes back on it won't connect again, it says that none of my prefered networks are available but when I click connect it remembers the key but states login failed. In order to connect I use the assist function then diagnostics, select airport, select my network, it then asks if my network is PPPoE or DHCP, I select DHCP, then it scans and states that the connection appears to be working correctly and I'm able to use the net.
  I have to do this everytime, I have updated to the latest software available for everything but it's made no difference. Is there anything that I am doing wrong?
  Thanks again

• Using exisiting wireless network SSID name and settings

  I want to use an existing wireless network SSID and settings as i setup my new airport time capsule.  I plan to turn off the wireless network at the Westell modem/router that now establsihes the network.  what setting do i pick in airport utility?  : extend a wirless network or steup a new wireless network?
  When should i turn off the wirelss at the Westell router?  Before or after running airport utility?

  Establish a permanent Ethernet cable connection from one of the LAN <-> ports on the Westell router to the WAN "O" port on the Time Capsule.
  Configure the Time Capsule to "create a wireless network" using the same settings for the Time Capsule network as the Westell.
  Make sure that the Time Capsule has been configured to operate in Bridge Mode to work correctly with the Westell router.
  Once you have the Time Capsule set up and working, you can turn off the wireless function on the Westell router.

• Secure wireless and generic ldap

  Hi All,
  I'm looking into setting up a secure wireless network and can't seem to find a good fit with environment we have.
  Environment:
  WLC's
  ACS 4.1
  Generic ldap
  95% of laptops use built in Windows XP(SP3) configuration tool.
  I can get everything working fine with Dell Wireless Utility or Intel utility in XP, Vista built in or 3rd party client but I CAN'T seem to get Windows XP built in client to work with anything.
  I read the EAP Authentication Protocol and User Database Compatibility document and found out that I can use EAP-GTC, EAP-FAST phase 2 and EAP-TLS.
  I'm looking into the most seamless way for our users to connect and taking "20 minutes" to configure their network card isn't a really good option.
  Any ideas or suggestion (something I'm missing) would be greatly appreciated.
  Craig

  Hi. I am currently running a whole mix of clients with regards to WPA security. I have most of the laptops on their respective ccx supplicant / utility. However I do have users that run the WZC service from XP. I am not at SP3, but rather SP2 for most of the machines. I'm using PEAP (MSCHAPv2) and it works well in the SP2 environment. I did notice some issues running WZC on Vista with the new Intel N cards and early release drivers, but I didn't get a chance to try the updated versions to see if it would solve the problem. I'm running the Funk OAS radius server and the Microsoft IAS service. The problem with XP and WZC is the lack of EAP types supported. I lucked out because PEAP MSCHAPv2 is natively supported. I'm 99.9 percent positive that WZC under XP does not support LEAP and EAP-FAST since they are Cisco. So, unfortunately in order to get those clients going with WPA Enterprise security you're going to have to install the client card utility or have them run a different EAP type config.

• Secured wireless connection

  I have an older Linksys BEFW11s4 I want to have a secured wireless connection and I don't know how to do it. When I see my wireless connection, it says unsecured.

  The information you seek is located in your manual, searching the web or you may go here.

• Hi, I am trying to print to an HP4050n via a secure wireless network.  It prints but the default page setting sent to the printer is JIS B5.  I have to hit the "Go" to get the printer to print.  I have the correct setting in my Printer Settings (Letter).

  I am attempting to print via a wireless (secure) network to an HP4050n printer.  The document prints AFTER I choose "GO" on the printer.  It is waiting as it wants me to load the JIS B5 paper/tray.  I have the printer defined as Letter but in spite of that, it is requesting a different setting.  I am thinking that because I am using the Generic PCL setting (I also tried the HP 4/5 PCL ) it is not communicating correctly.  It does print once I get up and hit the GO button.
  Any ideas?  Thanks.

  The paper size would normally be coming from the application rather than some setting in the driver. I've never seen the Generic PCL driver send a request for B5, but then I do use A4 rather than Letter and I don't have a PCL printer at home to check this. But I do think it has more to do with the application/document being printed.
  For the application that you are using, is there are a separate Page Setup menu?
  If the page and document is correctly set to Letter, you mention a wireless secure. If you mean something more than a wireless network that requires a password to access it, such as using https to connect to a remote server, then it could be settings for the shared printer queue. Although these shared printers are usually just an access point (throughport) for the remote client. Still, if you do have some additional network server for this secure wireless network, then this could be contributing to the incorrect paper size call.

• Secure Wireless Connection

  I have been thinking about getting the iPhone ever since it came out and I guess I was wondering if anyone could answer whether or not it can connect to secure wireless connections that require a password. I am a college student and we have wireless throughout campus but it requires my student id and password to be typed in if it were used on a computer. Thanks for any information.

  I have the same problem. I can easily access wireless networks everywhere except at work (a college also). Our system requires both a user name and password. Laptops easily access the network but I can't log on with my iphone. It is a real bummer because our campus has thick old brick buildings and edge will not penetrate them meaning that I am dead in the water without wireless. BTW network wireless at the college is the only thing that I don't have working flawlessly on the iphone. I had two of out best IT guys mess with my iphone for a couple of hours and they said that unless apple gives a fix that allow for both a user name and pass work when logging in that they can't help me. ANYONE HAVING THE SAME ISSUE?

• Secure wireless bridge

  I want to establish a secure wireless bridge (with a root bridge and one non root bridge). I can set in the non-root which is the MAC address of the parent, but how can I set in the root bridge with MAC is the non-root one ? I want to avoid other non root bridges can connect to the parent
  Thanks

  Have an encryption running between the bridges. This way even if a unknown nonroot gets associated to the root, you will not be able to transmit or recevie data if the encryption keys are incorrect, and we have control over the encryption keys

• Secure wireless authentication

  I have just been reading all the posts about secure wireless access and I am
  not happy with the direction Novell has chosen to take.
  I have been extremely pleased with Netware, GroupWise & ZenWorks but Novell
  is starting to loose it's appeal.
  Let me summarize what I have learned and see if I have made any mistakes
  with my understanding.
  1. Novell has stopped development on their Radius server and have no plans
  to resume development.
  2. Novell contributed code to the open source FreeRadius project.
  http://www.novell.com/news/press/arc...2/pr05008.html
  3. There isn't any Radius server with 802.1x authentication that runs on
  Netware (Netware kernel).
  a. Novell's Radius server (BMAS or the newer NMAS server) doesn't do
  802.1x authentication.
  b. I have contacted Funk and this is their reply. Steel-Belted Radius
  Server will run on Windows and Solaris (Linux is coming).
  http://www.funk.com/News&Events/sbr_linux_pn.asp
  c. MTG House hasn't gotten back to me about a solution for Netware. (I
  am doubtful, I didn't find anything on their website.)
  4. You need to run a Radius server that does 802.1x authentication and will
  work/integrate with eDir.
  a. FreeRadius (Linux) will integrate with Edir.
  http://www.novell.com/documentation/...ius/index.html
  http://www.novell.com/coolsolutions/feature/15383.html
  b. Funk's Steel-Belted Radius server (Windows, Solaris & Linux is in
  beta).
  http://www.funk.com/radius/default.asp
  c. Aegis Server
  http://www.mtghouse.com/products/aeg...er/index.shtml
  5. You need a 802.1x Client to authenticate to a Radius server for wireless
  authentication.
  a. Microsoft has 802.1x support in their client. (read this from other
  posts in this forum)
  b. Novell isn't planning on putting 802.1x support in the NW Client.
  (read this from other posts in this forum)
  c. There are 2 Radius clients that integrate with the NW Client for
  Radius Edir authentication.
  1. Funk's Odyssey Client ($45 - $50 per workstation depending on
  quantity) + added annual maintenance costs.
  $2281.25 for 50 Client licenses & annual maintenance.
  http://www.funk.com/radius/wlan/wlan_c_radius.asp
  2. Aegis' Client ($32 - $39.99 per workstation depending on
  quantity) + added annual maintenance costs.
  $2240.00 for 50 Client licenses & annual maintenance.
  http://www.mtghouse.com/products/aeg...nt/index.shtml
  http://www.mtghouse.com/novell_app_note_122204.pdf
  3. When FreeRadius is integrated with Edir is this separate client
  still needed?
  I didn't see anything about a separate client being needed while
  reading the Integrating FreeRadius with Edir documentation.
  6. FreeRadius support is going to be built-in to the next version of Edir.
  http://www.novell.com/news/press/arc...2/pr05008.html
  Why didn't Novell contribute code to port FreeRadius to Netware?
  At this point in time they are still giving us a choice between the Netware
  kernel and the Linux kernel. To me that says they are willing to make
  things work with both systems until they drop support for the Netware
  kernel. Ok, so give me support for 802.1x authentication in the Netware
  kernel. I don't have stray single purpose servers floating around my
  network and I don't want to have to begin that practice just to get Radius
  802.1x authentication working.
  I also won't put my district at a disadvantage by upgrading to the Linux
  kernel until I know Linux well enough to administer it properly. I am the
  IT department at this district so I don't have a great deal of extra time to
  run about learning the new things I would LOVE to learn. I'm sure I'm not
  the only person in this situation so Novell should take these things into
  concideration before they just drop support for a product they say they are
  still supporting. Obviously all of the real support is going toward the
  Linux side at Novell.
  Daniel Blake
  Milford Central School

  Ok, I'll give them the benefit of the doubt and say fine the Netware kernel
  might as well be considered dead. So they are giving me support via
  FreeRadius if I just migrate to OES (Linux). Ok, I might/can live with that
  as a Novell decision.
  But that still doesn't explain why they don't give us some client to log in
  via 802.1x. Giving us the server but not the client is like giving us a
  locked door without a key. That's just plain stupid. I would rather stay a
  Netware - OES shop, but if Novell can't think something this simple through
  then I'm a little nervous about staying with them. What could they think up
  next?
  I guess Novell has decided to port all it's software to Windows cause it
  sucks so bad at business decisions. GroupWise & ZenWorks run completely on
  Windows now, so why do I need OES at all? Except for complexity &
  integration issues of course. I mean why would I need to purchase Edir for
  Windows if I didn't stay with OES? Or Nsure Identity Manager for that
  matter. So if we start looking deeper into this we see Marketing all over
  this thing. Novell Marketing has always done such a good job for Novell.
  Novell has given me a real choice that will work though. If I migrate
  completely to a Windows network it just works without any added costs. Heck
  it even makes my installs easier without having to install the NW Client on
  every new workstation. I can still run ZenWorks & GroupWise too.
  Now, how is Novell Marketing going to screw up and make me hate GroupWise &
  Zenworks so I migrate completely away from Novell products? Way to go
  Novell!
  Daniel Blake
  Milford Central School
  "Jim Michael" <[email protected]> wrote in message
  news:[email protected]...
  > mcsdtech wrote:
  >
  >> 1. Novell has stopped development on their Radius server and have no
  >> plans to resume development.
  >
  > Correct, so far as we know.
  >
  >> 2. Novell contributed code to the open source FreeRadius project.
  >> http://www.novell.com/news/press/arc...2/pr05008.html
  >
  > Yes. Code to allow easier integration with eDirectory.
  >
  >> 3. There isn't any Radius server with 802.1x authentication that runs on
  >> Netware (Netware kernel).
  >
  > Correct.
  >
  >> a. Novell's Radius server (BMAS or the newer NMAS server) doesn't do
  >> 802.1x authentication.
  >
  > Correct. It was developed quite a while before 802.1x even existed.
  >
  >> b. I have contacted Funk and this is their reply. Steel-Belted
  >> Radius Server will run on Windows and Solaris (Linux is coming).
  >> http://www.funk.com/News&Events/sbr_linux_pn.asp
  >
  > Correct, but Stell-Belted Radius is probably the last solution I would
  > look at. Radiator is a commercial product that runs on Linux or Windows
  > (it is Perl-based) and you will get far better support from them on
  > eDirectory issues and general Radius problems. freeRADIUS is what I would
  > run on Linux if you don't want to spend a dime on the software.
  >
  >> c. MTG House hasn't gotten back to me about a solution for Netware.
  >> (I am doubtful, I didn't find anything on their website.)
  >
  > Not familiar with them.
  >
  >> 4. You need to run a Radius server that does 802.1x authentication and
  >> will work/integrate with eDir.
  >> a. FreeRadius (Linux) will integrate with Edir.
  >> b. Funk's Steel-Belted Radius server (Windows, Solaris & Linux is
  >> in beta).
  >
  >> c. Aegis Server
  >
  > And Radiator (what I run) http://www.open.com.au This is the solution we
  > run.
  >
  >> 5. You need a 802.1x Client to authenticate to a Radius server for
  >> wireless authentication.
  >
  > Correct.
  >
  >> a. Microsoft has 802.1x support in their client. (read this from
  >> other posts in this forum)
  >
  > Correct. Technically, the "support" is in Windows, not the MS client.
  >
  >> b. Novell isn't planning on putting 802.1x support in the NW Client.
  >> (read this from other posts in this forum)
  >
  > Correct.
  >
  >> c. There are 2 Radius clients that integrate with the NW Client for
  >> Radius Edir authentication.
  >> 1. Funk's Odyssey Client 2. Aegis' Client ($32 - $39.99 per
  >> workstation depending on
  >
  > Correct.
  >
  >> 3. When FreeRadius is integrated with Edir is this separate
  >> client still needed?
  >
  > Yes. You ALWAYS need a 802.1x supplicant (client) on the workstation.
  > Windows has one built-in, which works FINE against eDirectory. HOWEVER,
  > because of the way it works you must log into eDirectory *after* fully
  > logging into windows. That is unacceptable to most organizations (you
  > would have to manually log in and map drives to NW, etc). This is why
  > there are third-party clients that integrate specifically with the NetWare
  > client.. they allow the 802.1x authentication to "insert" itself
  > in -between the Windows and eDirectory login, thus preserving all of the
  > normal features like dynamic local user, zen policies, etc.
  >
  >> I didn't see anything about a separate client being needed
  >> while reading the Integrating FreeRadius with Edir documentation.
  >
  > A client is always assumed.
  >
  >> Why didn't Novell contribute code to port FreeRadius to Netware?
  >
  > Because Novell's future direction is Linux, and there isn't much demand
  > for a NetWare Radius server.
  >
  >> At this point in time they are still giving us a choice between the
  >> Netware kernel and the Linux kernel. To me that says they are willing to
  >> make things work with both systems until they drop support for the
  >> Netware kernel. Ok, so give me support for 802.1x authentication in the
  >> Netware kernel. I don't have stray single purpose servers floating
  >> around my network and I don't want to have to begin that practice just to
  >> get Radius 802.1x authentication working.
  >
  > You can always make your wishes known at
  > http://support.novell.com/enhancement
  >
  >> I also won't put my district at a disadvantage by upgrading to the Linux
  >> kernel until I know Linux well enough to administer it properly. I am
  >> the IT department at this district so I don't have a great deal of extra
  >> time to run about learning the new things I would LOVE to learn. I'm
  >> sure I'm not the only person in this situation so Novell should take
  >> these things into concideration before they just drop support for a
  >> product they say they are still supporting. Obviously all of the real
  >> support is going toward the Linux side at Novell.
  >
  > I understand the frustration, but I doubt things will change. There is a
  > big difference between "supporting" existing products and adding major
  > enhancements to products to support new standards. I just don't think
  > Novell believes it is worth dedicating development resources to enhancing
  > Radius on NetWare, for those few that can't/won't run a Linux or Windows
  > box where the software already exists.
  >
  >
  > --
  > Jim
  > NSC SYsop