Using WPA Enterprise on Windows XP to Access Cleveland State University's Wireless Network (WoWnet)

What is WPA (Wi-Fi Protected Access)?

WPA is a powerful, standards-based, interoperable security technology for Wi-Fi networks. It provides strong data protection by using encryption as well as strong access controls and user authentication. WPA can be enabled in two versions: WPA-Personal and WPA-Enterprise. WoWnet utilizes WPA-Enterprise (aka 802.1X WPA). WPA-Enterprise verifies network users through a server. WPA utilizes 128-bit encryption keys and dynamic session keys to ensure your wireless network's privacy and enterprise security.

Prerequisites

1. Windows XP SP2. This document will show any differences with SP3.
2. A Wi-Fi certified wireless network adapter capable of WPA Enterprise security and support for the Windows XP Zero Configuration (WZC) feature. Wi-Fi certification can be verified in the "PCs and Computing Devices - Adapter Cards" section at the Wi-Fi Alliance's Certified Products website: http://certifications.wi-fi.org/wbcs_certified_products.php?lang=en

Configuring Wireless Network Connection Properties

1. Be sure the wireless NIC is inserted and the most current drivers are installed on your computer.
2. If a vendor-supplied utility was installed, configure it to allow Windows to configure the adapter, or to use Windows Zero Configuration (WZC) (see the checkbox in Figure 3).
3. Double-click the My Computer icon, select Control Panel, then, from within the Control Panel, double-click Network Connections. To find the Control Panel, you may have to click the Folders button or use the View menu (Figure 1). You can also find the Control Panel through the Start button.

Figure 1 - Finding the Control Panel

4. Right-click on Wireless Network Connection, and then click Properties to open the Wireless Network Connection Properties window (Figure 2).

Figure 2 - Wireless Connection Properties

5. Click on the Wireless Networks tab.
6. In the "Preferred networks:" area, click Add or Properties (Figure 3).

Figure 3 - Wireless Networks Properties

7. In the "Network name (SSID):" field, enter 4csuuseonly
8. In the Network Authentication field, enter WPA, and for Data Encryption choose TKIP (if not already chosen). PCs at the SP3 level should check the box next to "Connect even if this network is not broadcasting"; if you don't see this box, your PC is at level SP2.

Figure 4 - Wireless Network Properties

9. Click on the Authentication tab.
10. For "EAP type:", select Protected EAP (PEAP).
11. Verify that both options, "Authenticate as computer when computer information is available" and "Authenticate as guest when user or computer information is unavailable", are unchecked.
12. Click Properties to open the Protected EAP Properties window.

Figure 5 - Opening PEAP Properties

13. Select the option "Validate server certificate".
14. Click the option "Connect to these servers:" and enter the following in the blank field: acs-wow.csuohio.edu;acsbackup.csuohio.edu (no spaces, and don't forget the semicolon).
15. Scroll down towards the bottom of the "Trusted Root Certification Authorities:" section and click the checkbox for the fifth to last VeriSign Trust Network certificate (as shown).
16. Select "Do not prompt user to authorize new servers or trusted certification authorities".
17. Set "Select Authentication Method:" to Secured password (EAP-MSCHAP v2).
18. Select "Enable Fast Reconnect". If your PC is at level SP3, leave the other two check boxes unchecked (Figure 6 shows the SP3 choices).

Figure 6 - PEAP Properties

19. To verify that the correct certificate is selected, double-click your choice for VeriSign Trust Network to open the Certificate window, then click the Details tab (Figure 8).
20. Verify that the Serial number begins with 7d d9 fe 07 cf a8 1e b7 10 79. If not, the correct certificate must be selected as in step 15.
21. Click OK to return to the Protected EAP Properties window (Figure 6).

Figure 7 - Certificate General Properties

Figure 8 - Certificate Details

22. Click Configure near the bottom right corner to open the EAP MSCHAPv2 Properties (Figure 9).
23. Uncheck the box "Automatically use my Windows logon name and password (and domain if any)". Click OK.

Figure 9 - EAP MSCHAP Properties

24. Click OK three more times to close all the network configuration windows. If you leave the box "Do not prompt user to authorize" unchecked (Figure 6), you will see the box shown on the right and you'll need to respond with OK.
25. Click on the balloon window above the icon tray that states "Click here to select a certificate or other credentials for connection to the network 4csuuseonly".
26. In the Enter Credentials window, enter your CSU ID number in the "User name:" field. Enter your CampusPass password in the "Password:" field. You may leave the "Logon domain:" field empty.
27. Click OK. You should now be connected to WoWnet. To test your connection, open your web browser and go to http://www.csuohio.edu

If you experience any problems while attempting to connect, please contact the Cleveland State PC Repair Shop at 216-802-3350.
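
The checks in steps 14 and 19-20 (server list format and root certificate serial number) can also be run from a Windows PowerShell prompt. This is an added example, not part of the original CSU instructions; it assumes Windows PowerShell is installed (it is not included with Windows XP by default), and the function names are hypothetical.

```powershell
# Added example (not from the original instructions).
# Both values are copied from steps 14 and 20 of this document.
$ServerList     = 'acs-wow.csuohio.edu;acsbackup.csuohio.edu'
$ExpectedPrefix = '7d d9 fe 07 cf a8 1e b7 10 79'

# Hypothetical helper: the Details tab shows "7d d9 fe ...", while .NET
# reports the serial as "7DD9FE...", so strip separators and upper-case.
function ConvertTo-SerialHex([string]$Text) {
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpper()
}

# Hypothetical helper: step 14 requires semicolon-separated names with no
# spaces; return the entries that are empty or contain whitespace.
function Get-BadServerEntry([string]$List) {
    $List.Split(';') | Where-Object { $_ -eq '' -or $_ -match '\s' }
}

# Hypothetical helper: list every "VeriSign Trust Network" root in the
# machine and user stores and mark the one whose serial starts with the
# expected prefix, instead of counting entries from the end of the list.
function Find-RootBySerialPrefix([string]$Prefix) {
    $want = ConvertTo-SerialHex $Prefix
    Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Subject -like '*VeriSign Trust Network*' } |
        Select-Object @{Name='Store'; Expression={ $_.PSParentPath -replace '^.*::', '' }},
                      @{Name='Match'; Expression={ (ConvertTo-SerialHex $_.SerialNumber).StartsWith($want) }},
                      SerialNumber, NotAfter, Thumbprint
}

$bad = @(Get-BadServerEntry $ServerList)
if ($bad.Count -gt 0) {
    Write-Warning 'Server list contains empty or space-containing entries.'
}

$found = @(Find-RootBySerialPrefix $ExpectedPrefix)
$found | Sort-Object Match -Descending | Format-Table -AutoSize

if (-not ($found | Where-Object { $_.Match })) {
    Write-Warning "No VeriSign Trust Network root with serial prefix '$ExpectedPrefix' was found."
}
```

The row with Match set to True is the certificate to tick in step 15; if no row matches, the warning indicates that the expected root is not installed on this PC.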