University at Buffalo - The State University of New York
Skip to Content

Device Configuration after the Wired Network Switch Replacement

In January 2017, UBIT initiated the Wired Network Switch Replacement project.  Learn about changes in device registration that may affect your customers.

Upgrade Schedule

Affected Devices

  • Any devices that have connected to UB’s network within the two months prior to the new hardware installation will automatically have their MAC address registered for use with the new switches.
  • Any new devices will need to be registered and/or authenticated the first time they connect to UB’s wired network; this process is guided by a log-in window or Web page redirect that appears when someone connects for the first time, similar to how guests register on the UB Connect Wi-Fi network.

Configuration Options

There are three options for configuring your device:

  1. 802.1x authentication (preferred method) - Requires some configuration changes on most client devices.
  2. MAC address - Intended for registered devices unable to use 802.1x.  
  3. Special department VLAN - Use for connecting a new device to the network that needs to be on a special departmental VLAN (not the Protected VLAN).

1. 802.1x authentication (preferred method)

The preferred method is to use the 802.1x protocol for authentication, however it requires some configuration changes on most client devices. The following provides instructions for enabling 802.1x on various devices.

Find instructions for your device:

Macintosh

802.1x is enabled by default on recent versions of Mac OS X. If you are running an older version of the Mac OS, follow the steps for MAC address below.

Linux

Details vary depending on the Linux distribution. Make sure you set the authentication method to “PEAP/MSCHAPv2 (not MD5).

Windows

Windows 10, 8/8.1 and 7 are very similar regarding these instructions with some screen shots slightly different.   

For Microsoft Windows, you will need to have administrator privileges on your PC in order to enable the 802.1x protocol.  

1. Launch services.msc.

  • Windows 10:  Type services.msc in the search box.
  • Windows 8/8.1: Move your mouse to the upper right corner until the Charms Bar pops out. Select Apps from the list and type services.msc in the search box.
  • Windows 7: Click Start (Windows button) and type services.msc in the search box.

2. Scroll down to Wired AutoConfig > right-click and select Properties.

3. On the General tab under Startup type select Automatic.

4. Click Start > Apply > OK.

5. Lauch view network connections.

  • Windows 10:  Type view network connections in the search box.
  • Windows 8/8.1: Move your mouse to the upper right corner until the Charms Bar pops out. Select Apps from the list and type view network connections in the search box.
  • Windows 7: Click Start (Windows button) and type view network connections in the search box.

6. Select view network connections under Programs to launch.

7. Right-click the appropriate network connection (likely named Local Area Connection) and select Properties.

8. Select the Authentication > Settings.

9. Uncheck Validate server certificate.

10. Select Configure next to Secured password (EAP-MSCHAP v2).

11. Uncheck Automatically use my Windows logon name and password (and domain if any).

12. Close Properties.

13. Select the Authentication tab again and select Additional Settings.

14. Check Specify authentication mode.

15. Select User authentication and OK.

You have completed the configuration and you can close all programs.

2. MAC address

To ease the transition even further, we have pre-registered the MAC addresses of all devices that have been connected to the network within the last 2 months, and those devices should have no problem connecting to the new switches. However, we encourage you to follow the instructions in this document to also enable and configure 802.1x on your device. In the future, the use of 802.1x may become a requirement in order to connect to the UB network.

Your device will then be allowed on the network, and it will be put in the Protected VLAN (a restricted virtual local area network). The Protected VLAN allows all traffic outbound, and it allows all traffic inbound from UB, however unsolicited inbound traffic from outside of UB is restricted (thus preventing devices from running world-accessible servers from the Protected VLAN).  

If you have not already registered your MAC address, you will be redirected to the UB Wired Network Access Web page when you connect your device to the network for registration.

Log in using your UBIT credentials, the MAC address for the device you are connecting will be automatically filled in on the form. Register your device and you will be granted access to the Protected VLAN.

Alternatively, you can visit UB My Devices Portal directly, from a third party device, in order to manage your existing device registrations, and create new ones.

3. Special departmental (VLAN)

If your device requires access to a departmental VLAN (rather than using the default “Protected VLAN”), you will need to ask your department IT support team to modify (or create) your registration for you.

Device registration for a departmental network (VLAN) is done at the same website as the MAC address registration, however only authorized department IT support staff have the ability to grant access to VLANs other than the “Protected VLAN.”

Common Questions and Answers

Still having problems? See known related issues and their resolutions on Common Questions and Answers for the Wired Network Switch Replacement Project.

Contact the UBIT Help Center

Have a UBITName? You may also use the UBIT Help Center Online (login required).

(Required)
 
 
(xxx) xxx-xxxx
(Required)
Use your @buffalo.edu email, if known
 
(Required)