Configuration Guide to Use WPA

For Notebook Running on Windows Vista

For users who want to access OUHK WLAN in more secure means, they are advised to make the connection with WPA which is built as standard by Wi-Fi Alliance. With WPA connection, user data is encrypted and more secured keying mechanism is implemented so as to increase the difficulty of the wireless LAN being broken in.

As a trade-off,  WLAN user needs to ensure the Wi-Fi card is WPA-compliance, latest WLAN driver can be downloaded from the vendor web site

A.    Wireless Network (WLAN) Card Configuration

  Ø           Configure your Wi-Fi interface card with driver program provided with the installation manual  (for newer notebook model, this step is unnecessary since embedded Wi-Fi Centrino interface is usually built already).  To check whether your Wi-Fi card is configured successfully, you can follow the steps described below

        Ø           Click Control panel ==> Network and Internet, you should view icon similar as below

       

         Ø           Furthermore, click on Network and Sharing Center,  you should view icon similar as below

         

         Ø           From left-hand side menu, choose Manage network connection shown as above, you should see somewhat similar as below

           

          You can proceed on if the Wi-Fi  interface configured properly, otherwise, you should refer to your installation manual or contact the supplier to solve the installation problem

¡@

       A.1    IP address and DNS resolution setting

       Ø           To utilize WLAN within campus, the IP address of your PC is automatically assigned by the WLAN infrastructure, while Domain Name Service (DNS) is also managed by OUHK WLAN infrastructure.   Steps are shown below.

  Ø          From the Wireless Network Connection icon above,  click on Properties and then press Continue button when the User Account Control dialogue box prompt you to respond

             

           Ø          The Wireless Network Connection Properties will display similar as below, tick the check box  Internet Protocol Version 4 (TCP/IPv4) and then press Properties button to proceed to the configuration   

           

        Check Obtain an IP address automatically and Obtain DNS server address automatically

           

¡@

B.    WPA Profile Configuration

        B.1   Network selection

        Ø           After entering Manage network connections within Network and Sharing Center, click on Connect / Disconnect item on the Wireless Network Connections as shown below

          

         Ø           A list of available wireless network with SSID will be shown.  For WPA-enabled network, it is indicated with Security-enabled network.  Click on the appropriate one and then the properties item

           

            Ø           For the Network name (SSID) field, user may choose either one of following SSID depends on his / her role:

                      a.    OUHK-Student               :    For active students whom has activated Single Password

                      b.    OUHK-Staff                    :    For staffs / tutors whom has email account and activated Single Password already

                      c.    eduroam                           :    For visiting users from member institutions which joined eduroam 

                      d.   Universities via CSL    :    For OU users whom locate in CSL hotspots, to login back to OUHK WLAN infrastructure

                      e.   Universities via Y5ZONE   :    For OU users whom locate in Y5ZONE hotspots, to login back to OUHK WLAN infrastructure

                   

          B.2   Connection parameters configurations

           For WPA-enabled wireless network, you have to perform several steps for security parameters configuration

           Ø           Click on the Security tab after step B.1 described above, then refer to following diagram

                     -    In Security type selection  box,  choose WPA2-Enterprise option

                     -    In Encryption type selection box,  choose AES option

                     -    Uncheck the checkbox Cache user information for subsequent connections to this network, this will configure the system to prompt the user to login without automatic connection after logged off.  (for purpose of higher security)

                     -    On the Choose a network authentication method selection box, choose Protected EAP (PEAP) option

                     -    Click on the blue-highlighted Settings tab to further the configuration on the authentication method

                   

           Ø           On the Protected EAP Properties menu shown below, perform:

                    -     Check the Validate server certificate box

                    -     Check the Connect to these server box, type in  wlan.ouhk.edu.hk within the associated dialogue box

                    -     On Select Authentication Method, choose Secured password (EAP-MSCHAP v2) item

                    -     Tick the check box Enable Fast Reconnect

                    -     Click on Configure... button to proceed for further configuration of EAP MSCHAP v2 properties

                    

   Ø           Refer to below diagram, uncheck the check box Automatically use my Windows logon name and password (and domain if any)

                    

 

C.    Wireless Network Connection

            Ø           After completing the connection parameters above, back to the available wireless network list.   Click on the Connect button make actual connection

                                 

         Ø           To start the authentication process, click on the Enter/select additional log on information button below within the log on information box

                     

   Ø           Logon box will display as below, enter  your  userID on the User name field with appropriate format stated below:

                     a.  For OUHK user authenticate with SSID OUHK-Student / OUHK-Staff, please enter your user name (e.g. s1234567 ) in User Name field, while password in the Password field.

                     b. For eduroam user, please enter your username with domain belonged (user@my.homeU.edu.hk  -  e.g.  s1234567@polyu.edu.hk  as assuming a PolyU student working in OU) in User Name field, while password in the Password field.

                     c. For OUHK user authenticate with SSID Universities via CSL at CSL hotspots,  please enter your username with OUHK domain (e.g. s1234567@ouhk.edu.hk  ) in User Name field, while password in the Password field

                     d. For OUHK user authenticate with SSID  Universities via Y5ZONE  at Y5ZONE hotspots,  please enter your username with OUHK domain (e.g. s1234567@ouhk.edu.hk  ) in User Name field, while password in the Password field

            Ø           The field  Logon domain box shown below should be left empty

                       

     Ø          A message box Validate Server Certificate will be popped up as below, the user has to click on the OK button to verify the correct certificate.

                       

            Ø           As your identity is authenticated successfully by OUHK WLAN, you will get the response from your workstation as below

                       

            Besides, you should see following when click on the wireless icon of the system tray

                        

¡@

¡@