NeTel

Web Services Council

TigerNet and DeviceNet


NOTE: In order to use the Wireless Network, you must have a vaild Computer Acccount.

What is happening?

There are two new wireless Service Set Identification (SSID) names being broadcast from the ISU wireless network. The TigerNet and DeviceNet SSID names are replacing the old BengalNet SSID.

If your device is 802.1x compliant you will simply select the TigerNet SSID and when asked for your user name and password, you will enter the same user name and password you use for BengalWeb and then accept the certificate offered.

If your device is not 802.1x compliant, and you are faculty/staff, you will want to register the MAC address of your wireless card with the IT Service Desk (x4357 or HELP) and use the DeviceNet SSID.

If your device is not 802.1x compliant, and you are a student, you will want to register the MAC address of your wireless card in the Student Devices Portal and use the DeviceNet SSID.

Why?

Wireless technology continues to evolve. The demand for "everything wireless" is driving electronic device manufacturers to wireless enabled more and more devices each year. We want wireless signal; we want access to the Internet, no matter where we are. Our society has become so mobile, and expectations for mobility are so high, that the enabling technology is struggling to stay ahead of the demand. In order to stay as current as possible ISU NeTel has upgraded the wireless infrastructure to include new wireless controllers, new wireless management software, and is adding more wireless Access Points (APs) in every building throughout campus. These measures, in conjunction with enabling newer wireless security measures, and a desire to simplify access, are driving the move to new SSID names.

Why can't I continue to use the BengalNet SSID?

The BengalNet SSID will retire sometime on, or shortly after, the first of January 2014.
You may see the BengalNet SSID for some time thereafter, but if you attempt to use it, you will have limited or no access, even though your device may attach to it. Simply put, the technology does not allow us to use BengalNet with an older and newer security protocol at the same time. If we were to disable the old security protocol on BengalNet and enable the new security protocol on BengalNet, many end user devices that cannot use the newer protocol would stop working. We need a time period where there is an overlap of technologies, and the best way to facilitate that is to have multiple SSID names, each with a unique function, purpose, and protocol.

What will be different?

You will no longer need to register the MAC address of your wireless device.
You will simply "Forget" the BengalNet SSID and select the TigerNet SSID. When you "Connect" you will be asked for a user name and password. The user name and password is your BengalWeb user name and password. Once you have entered those in you will be asked to accept a certificate. Accept the certificate, and you are connected. No more calling the IT Service Desk or waiting in line to register your MAC address.

What is this new security protocol you refer to?

As wireless use and distribution has grown, so has the need for increased security measures. Out of the box, most consumer wireless routers (APs) for home and small business use, come out of the box with no security settings. They also come with a default SSID. If you take the wireless router (AP) out of the box and plug it in without making any configuration changes, the AP will begin broadcasting the default SSID with no security, i.e. your communications will not be encrypted. You will be able to immediately begin surfing the web. Problem is, anyone seeing your signal will be able to attach to your AP. Your neighbor next door would be able to use your Internet service, as well as potentially access your PC, including files. For this reason, security measures have been included in the IEEE 802.11 wireless standard since its inception. The first generation of wireless security protocol was called Wired Equivalent Privacy (WEP) and was included with the original IEEE 802.11 wireless standard. Then came WiFi Protected Access (WPA or 802.11i-standard) and finally WiFi Protected Access II (WPA2 or 802.11i-2004). Over time, each of these security protocols have proved to have weaknesses that can be exploited, if not properly implemented.
In an attempt to further improve security and ease of access for wireless users at ISU, the Networking and Telecommunications Department (NeTel) has chosen to implement a Network Access Control (NAC) protocol, referred to as 802.1x. Using the strong encryption methodology of WPA2, in conjunction with NAC, significantly improves security while making access easier for authorized users.

When using TigerNet, one of the things you will notice is, it will not request a security key. 802.1x uses your personal BengalWeb login credentials as the basis for the security key. So, rather than everyone who used the BengalNet SSID and the WPA2 shared key of icmjn3tx25, each user will have their own personal security key.

Will all my wireless devices be able to use TigerNet?

It depends on the device.
Almost all devices that have some type of browser or a standard operating system such as Windows or Apple OSx/iOS is 802.1x compliant. Devices such as your PC, Laptop/Notebook, SmartPhone, and Tablet are almost all 802.1x compliant.
Devices such as printers, gaming consoles, and other devices that do not have a browser or standard operating system will not be able to use TigerNet. That is where DeviceNet comes in.

IMPORTANT NOTE: TigerNet is to be used on devices used by one individual. If a device is 802.1x compliant, but is used as a shared device by multiple users, such as a laptop or tablet that is checked out, or a computer lab, you will need to call the IT Service Desk to register the device. Using your personal user name and password credentials on a shared device allows other users of that device to have access to your credentials.
The importance of not sharing your username and password (credentials) with anyone cannot be stressed enough. The credentials you use to access TigerNet are the same as your BengalWeb and eMail login credentials. When you use your credentials on a shared device, or a friend's device, that device is now registered to you and any misconduct on another's part will be your responsibility, not to mention, by sharing your credentials you have compromised your BengalWeb and eMail accounts. You should only enter your username and password into your own personal devices and then keep those devices locked when not in use. After entering your credentials into a device, the information can be recovered and viewed by other users of that device if not properly secured.

What is DeviceNet?

For devices which are not able to use the 802.1x NAC protocol, we are implementing DeviceNet. Rather than using your username and password for access to the wireless network, you will be required to register your wireless device MAC address.

For faculty and staff, you will simply call the IT Service Desk (x4357 or HELP) and they will assist you in connecting your non-802.1x device to the wireless network.
Click here for additional information on the faculty/staff DeviceNet.

For students, a Student Devices Portal has been developed and you will be able to self-register up to (3) non-802.1x devices.
Click here for additional information on the Student DeviceNet.


How do I use TigerNet?

Once you select the TigerNet SSID you will be prompted for a username and password, Enter your BengalWeb username and password. You will then be prompted to accept a certificate for the authentication server, accept the certificate prompt for merry.netel.isu.edu or merry2.netel.isu.edu. After accepting the certificate, you should now be on the TigerNet wireless network. Once you have gone through this initial login process you should not have to login on the device again for the rest of the semester, unless you change your password for BengalWeb. If at any time during the Semester you change your BengalWeb password, your wireless devices will no longer connect to the TigerNet network until you enter your new password in your wireless device.
NOTE: Before you select TigerNet for the first time, use your wireless settings to "Forget" BengalNet. Additionally, it is not uncommon that the first time you use your user name and password for TigerNet that it will fail. Simply try again. The second time is often the charm.

Summary:

Connection Steps for TigerNet:
1. Connect to TigerNet SSID
2. Enter your username and password (your BengalWeb credentials)
3. Accept the Certificate for merry or merry2.netel.isu.edu
4. Access is either granted or denied based upon your login credentials

* Not all operating systems display information the same, some operating systems give you more information than others. Multiple attempts at entering your information may be needed to successfully connect to the wireless network.

Here is the great thing about this new network, when you select the TigerNet network (SSID) on your wireless device, it will ask you for your username and password. The username and password is the same one you use for eMail and BengalWeb. That's it! You will no longer need to go to the ITS Service Desk to register your device. When you login, your device is automatically registered.

IMPORTANT NOTE: TigerNet is to be used on devices used by one individual. If a device is 802.1x compliant, but is used as a shared device by multiple users, such as a laptop or tablet that is checked out, or a computer lab, you will need to call the IT Service Desk to register the device. Using your personal user name and password credentials on a shared device allows other users of that device to have access to your credentials.
The importance of not sharing your username and password (credentials) with anyone cannot be stressed enough. The credentials you use to access TigerNet are the same as your BengalWeb or eMail login credentials. When you use your credentials on a shared device (or a "friend's" device) that device is now registered to you and any misconduct on another's part will be your responsibility, not to mention, by sharing your credentials you have compromised your BengalWeb and eMail accounts. You should only enter your username and password into your own personal devices and then keep those devices locked when not in use. After entering your credentials into a device, the information can be recovered and viewed by other users of that device if not properly secured.

Why do I get a prompt to accept a certificate when I associate to TigerNet?

Answer: The TigerNet network uses a technology called 802.1x authentication to grant you access to the wireless network by sending your credentials to one of two authentication servers. (merry.netel.isu.edu and merry2.netel.isu.edu). Different operating systems display the authentication server information in different ways, APPLE devices will give you more information about what authentication server/certificate you are accepting, while other operating systems, like Windows 8, gives you very little information about the authentication server/certificate you are about to accept. In fact, for Windows 8 it will look like a security warning. This is not a problem, and you will need to accept the certificate to successfully connect. Detailed information on this subject can be found on BengalWeb under the "How Do I" tab or by contacting the IT Service Desk at 208-282-4357 or help@isu.edu.


To login to TigerNet using Windows XP


You will need to choose TigerNet from the available wireless networks. This will create a wireless profile in windows so you can configure Windows XP correctly to connect to TigerNet.

Choosing TigerNet from available wireless networks on Windows XP



Windows XP will try to Validate your Identity using the PC login credentials and will result in a certificate error.. we will fix this in the next few steps.

Windows XP validating a user's identity while connecting to TigerNet. The TigerNet certificate error on Windows XP.



To setup Windows XP for 802.1x connections on the TigerNet profile select "Change advanced settings"

Location of the 'Change advanced settings' button.



Select the "Wireless Networks" tab.

The wireless networks tab.



From the "Wireless Networks" tab select TigerNet under "Preferred networks:" then select the "Properties" radio button. This will open a new window for TigerNet properties.

TigerNet connection properties.



From the TigerNet properties window select the "Authentication" tab. This will open the Protected EAP properties window.

Protected EAP properties window.



From the EAP properties screen scroll down and select the GoDaddy certificate to be trusted from "Trusted Root Certification Authorities:"

Location of



Check the two Godaddy certificates.

The GoDaddy Certs.



After checking two Go Daddy certificate boxes select the "Configure" radio button for "Authentication Method". This will bring up the "EAP MSCHAPv2 Properties" window

Unselect "Automatically use my windows login name and password (and domain if any)." This will force windows to prompt you for your username and password when connecting to TigerNet.

'EAP MSCHAPv2 Properties' window.

Select "OK" on all the windows that have been opened through the entire process above.
You have now configured Windows XP to trust the Go Daddy certificates necessary to use TigerNet. Windows will now prompt you for a username and password when you attach to TigerNet.



Select the popup bubble to connect to TigerNet with your credentials.

TigerNet popup bubble.



You will be prompted for your username and password.

Username and password prompt.

Once you have entered your username and password you will need to reboot your computer to complete the TigerNet configuration.

Your credentials should not need to be entered again until you either change your BengalWeb or ISU eMail password. However, you may need to accept a certificate again for the other authentication server.


To login to TigerNet using Vista, Windows 7, Windows 8


In your bottom right tray, Click on the wireless icon > Select TigerNet > Select "Connect".
A Network Authentication window, as shown below, will be displayed.
Enter your BengalWeb login credentials, Click OK.

Username and password prompt.



Once you enter your login credentials you will be promoted to Terminate or Connect to the authentication server. Click on Details.

Windows Security Prompt.



You will now see the server name and certificate authority. If the server is merry.netel.isu.edu or merry2.netel.isu.edu accept the certificate and server by clicking on "Connect"

Certificate Alert.


Once you accept the certificate you will be connected to TigerNet.

Your credentials should not need to be entered again until you either change your BengalWeb or ISU eMail password. However, you may need to accept a certificate again for the other authentication server.


To login to TigerNet using MAC OS X


In your upper right tray, Mouse Over and Click on the wireless icon > Select TigerNet from the drop down

Wireless Networks.



A Network Authentication window, as shown below, will be displayed.
Enter your BengalWeb login credentials, Click OK.

Network authentication window.



Once you enter your user credentials you will be presented with a Server Certificate.
Click on "Show Certificate"

Server certificate window.

Expanded server certificate window.

Accept the Certificate from merry.netel.isu.edu or merry2.netel.isu.edu and you will be connected to TigerNet.


Network window.


Your credentials should not need to be entered again until you either change your BengalWeb or ISU eMail password. However, you may need to accept a certificate again for the other authentication server.


To login to TigerNet using a device with iOS (iPads/iPhones)


Go to Settings > WiFi and choose TigerNet.

Wireless Networks.



After choosing TigerNet iOS will prompt you for your login credentials.
Enter your BengalWeb user name and password.

iOS login prompt.



Once you enter your login credentials you will be prompted to accept a certificate.
Click on "Accept" if the certificate is from merry.netel.isu.edu or merry2.netel.isu.edu.

iOS authentication dialog.



Once you accept the certificate you will be connected to TigerNet.

iOS connection success.


Your credentials should not need to be entered again until you either change your BengalWeb or ISU eMail password. However, you may need to accept a certificate again for the other authentication server.


To login to TigerNet using an Android device:


Go to Settings > Wireless & networks > WiFi settings
Under the list of WiFi network select TigerNet

Wireless Networks.



The EAP method should = PEAP
Under Identity enter your BengalWeb user name
Do NOT put anything in anonymous identity.
Under Password enter your BengalWeb password
Tap Connect

Android connection dialog.



You should now be connected to TigerNet.

Android connection dialog.


Your credentials should not need to be entered again until you either change your BengalWeb or ISU eMail password. However, you may need to accept a certificate again for the other authentication server.


How do I use DeviceNet?


For devices which are not able to use the 802.1x NAC protocol, or are a device such as a PC or Tablet shared by multiple users, we are implementing DeviceNet. Rather than using your username and password for access to the wireless network, you will be required to register your wireless device MAC address much in the same way as you did when using the BengalNet SSID.

For both students and faculty/staff:
SSID = DeviceNet
WPA2 security key = icmjn3tx25

Faculty/Staff needing wireless devices connected to the DeviceNet wireless network will need to contact the Information Technology Services (ITS) Service Desk either by eMail at help@isu.edu or by calling x4357 (HELP)

NOTE TO FACULTY/STAFF: Faculty/Staff should never use the Student Devices Portal. Devices in the Student Devices Portal have no access to University IT resources or networks and all devices are purged from the authentication database at the end of each Semester.

For Students, a Student Devices Portal has been developed for you that allows you to self-register up to (3) non-802.1x devices.

To register a device Click on the "Student Devices Portal" link above.

NOTE TO STUDENTS: Devices in the Student Devices Portal have no access to University IT resources or networks and all devices are purged from the authentication database at the end of each Semester. You will be required to re-register your devices at the beginning of each new Semester. The student DeviceNet network has no access to University IT resources. If you register a device, such as your PC in the Student Devices Portal, you will not have access to University applications such as Moodle. The Devices Portal is for such things as gaming consoles, Smart TVs, DVD Players, etc. These are devices which do not use ISU IT applications or resources. Do not register a "friend's" device in your account. Any device registered under your credentials is your responsibility and you may be held accountable for misconduct or illegal activity of another.