In January 2017, UBIT initiated the Wired Network Switch Replacement project. Learn about changes in device registration that may affect your customers.
There are three options for configuring your device:
The preferred method is to use the 802.1x protocol for authentication, however it requires some configuration changes on most client devices. The following provides instructions for enabling 802.1x on various devices.
Find instructions for your device:
802.1x is enabled by default on recent versions of Mac OS X. If you are running an older version of the Mac OS, follow the steps for MAC address below.
Details vary depending on the Linux distribution. Make sure you set the authentication method to “PEAP/MSCHAPv2 (not MD5).
Windows 10, 8/8.1 and 7 are very similar regarding these instructions with some screen shots slightly different.
For Microsoft Windows, you will need to have administrator privileges on your PC in order to enable the 802.1x protocol.
1. Launch services.msc.
2. Scroll down to Wired AutoConfig > right-click and select Properties.
3. On the General tab under Startup type select Automatic.
4. Click Start > Apply > OK.
5. Lauch view network connections.
6. Select view network connections under Programs to launch.
7. Right-click the appropriate network connection (likely named Local Area Connection) and select Properties.
8. Select the Authentication > Settings.
9. Uncheck Validate server certificate.
10. Select Configure next to Secured password (EAP-MSCHAP v2).
11. Uncheck Automatically use my Windows logon name and password (and domain if any).
12. Close Properties.
13. Select the Authentication tab again and select Additional Settings.
14. Check Specify authentication mode.
15. Select User authentication and OK.
You have completed the configuration and you can close all programs.
To ease the transition even further, we have pre-registered the MAC addresses of all devices that have been connected to the network within the last 2 months, and those devices should have no problem connecting to the new switches. However, we encourage you to follow the instructions in this document to also enable and configure 802.1x on your device. In the future, the use of 802.1x may become a requirement in order to connect to the UB network.
Your device will then be allowed on the network, and it will be put in the Protected VLAN (a restricted virtual local area network). The Protected VLAN allows all traffic outbound, and it allows all traffic inbound from UB, however unsolicited inbound traffic from outside of UB is restricted (thus preventing devices from running world-accessible servers from the Protected VLAN).
If you have not already registered your MAC address, you will be redirected to the UB Wired Network Access Web page when you connect your device to the network for registration.
Log in using your UBIT credentials, the MAC address for the device you are connecting will be automatically filled in on the form. Register your device and you will be granted access to the Protected VLAN.
Alternatively, you can visit UB My Devices Portal directly, from a third party device, in order to manage your existing device registrations, and create new ones.
If your device requires access to a departmental VLAN (rather than using the default “Protected VLAN”), you will need to ask your department IT support team to modify (or create) your registration for you.
Device registration for a departmental network (VLAN) is done using UB My Devices Portal, however only authorized department IT support staff have the ability to grant access to VLANs other than the “Protected VLAN.”
Still having problems? See known related issues and their resolutions on Common Questions and Answers for the Wired Network Switch Replacement Project.