Why can’t I connect to AirVandalGold or eduroam, but I can connect to AirVandalHome and AirVandalGuest?

Symptoms:

    The device is unable to authenticate when connecting to the following SSIDs:

  • AirVandalGold,
  • eduroam

    These same devices will connect to the following SSIDs:

  • AirVandalHome
  • AirVandalGuest

Examples of impacted devices:

  •  Android phones using OS versions 9.x and older.
  •  Apple devices using iOS versions such as Mojave 10.14.6 and older.
  •  Older Chromebooks (AUE date 2015 and older)
  •  Linux distributions that have not been updated for a very long time, ~2014 era

Many University Wi-Fi SSIDs require Protected Management Frame (PMF)

Due to encryption standards on the University of Idaho WiFi network to maintain security, certain devices are not permitted to connect to wireless networks.

Explanation:

These older devices are unable to connect due to not supporting WPA3 or WPA2 Enterprise with protected management frames.
As these devices are also no longer receiving updates or security patches, they are not permitted on most UI wireless networks.

If the device is still receiving support, the user should try updating the device's wireless drivers.

If the device is no longer receiving security updates, it should NOT be connected to the UI network.  This can be found in the University of Idaho APM 30.12:

  • APM 30.12 Acceptable use policy:
    • Section D-1 User Responsibilities:
    • "Actively maintain the security of all devices accessing U of I technology resources or being used to access, store, or process U of I-maintained data."

Devices without PMF support can still connect to AirVandalGuest.  Users have the option of registering the device using the AVSetup tool which will allow it to automatically bypass the guest portal.

  •     Register the devices' wireless MAC using the AV Setup tool. 
  •     Select the "Wireless device (Smart TV, AppleTV, Fire Stick, XBox, PS4, etc.)" radio button
  •     This will automatically put the MAC record into the VRBYPASS02 network
  •     After 12-18 minutes, the user will be able to connect to AirVandalGuest (using the pre-shared key*: GoVandals!) without the login portal.
  •     Devices setup this way will receive a consistent experience across the entire UI wireless network

OIT recommends using eduroam, AirVandalGold , if possible, because protected management frames [PMF] provides better protection to the well known limitations of a preshared key networks like AirVandalGuest which are vulnerable to eavesdropping and spoofing.

Reference Links:

 

Print Article

Details

Article ID: 3128
Created
Fri 8/16/24 11:10 AM
Modified
Mon 8/19/24 10:27 AM