SFUNET-SECURE

May 19, 08

SFUNET-SECURE is a recently deployed network that supports 802.11a/b/g protocols as well as full WPA2/AES encryption. It also requires an 802.1x EAP/TTLS client for authentication rather than a web portal. While an initial setup process is required, users are encouraged to use SFUNET-SECURE where possible.

Actually it’s not all that recent, since SFU Surrey’s setup instructions are already out of date. These are the revised instructions for Windows.

Windows Vista Setup

  1. Download and install the latest SecureW2 EAP Suite. This is needed to authenticate to the network.
  2. Navigate to Control Panel > Network and Sharing Center > Manage Wireless Networks.
  3. If SFUNET-SECURE is already listed, remove it.
  4. Press the Add button (with a giant green plus sign beside it).
  5. Select Manually connect to a wireless network.
    • Network name: SFUNET-SECURE
    • Security type: WPA2-Enterprise
    • Encryption type: AES

    Check Start this connection automatically if desired, then click Next.

  6. Select Change connection settings.
  7. Go to the Security tab.
  8. Choose SecureW2 for network authentication method. The actual name may vary.
  9. Click Settings.
  10. Proceed to the section titled SecureW2 Settings.
  11. You may need to follow steps 25 and 26 when connecting from some areas of campus.

Windows XP Setup

  1. Download and install Service Pack 3 if you haven’t already. It includes an essential fix (kb893357).
  2. Download and install the latest SecureW2 EAP Suite. This is needed to authenticate to the network.
  3. Navigate to Control Panel > Network Connections.
  4. Right click on Wireless Network Connection and select Properties.
  5. Go to the Wireless Networks tab.
  6. Make sure Use Windows to configure my wireless network settings is checked.
  7. Under Preferred networks, if SFUNET-SECURE is already listed, remove it.
  8. Press the Add button.
    • Network name: SFUNET-SECURE
    • Security type: WPA2
    • Encryption type: AES
  9. Go to the Authentication tab.
  10. Choose SecureW2 for EAP Type. The actual name may vary.
  11. Click Properties.
  12. Proceed to the section titled SecureW2 Settings.
  13. You may need to follow steps 23 and 24 when connecting from some areas of campus.

SecureW2 Settings

  1. Click Configure.
  2. Use alternate outer identity can be checked or not; it doesn’t make much difference.
  3. Go to the Certificates tab. Make sure Verify server certificate is checked. Click Add CA.
  4. Select Thawte Premium Server CA, and click Add CA.
  5. You should now see it listed under Trusted Root CA.
  6. Go to the Authentication tab. Make sure Authentication Method is PAP.
  7. Go to the User account tab. Leave Prompt user for credentials checked only if you wish to input your username and password every time you connect. Otherwise, fill out Username (your sfuid), Password, and Domain (sfu.ca).
  8. Click on Advanced (bottom left) and make sure Allow users to setup new connections is checked. You could also check the other stuff if you wish (although probably not Check for Microsoft Key extension).
  9. Keep clicking OK until you exit all windows.
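
The same settings expressed as a Linux wpa_supplicant network block, with a small check that the security-relevant ones are present. This is an added example, not part of the original post or SFU's instructions; the CA file path, the `sfuid@sfu.ca` identity form and the helper names `parse_networks` and `audit` are assumptions.

```python
import re

# Constructed sample: a wpa_supplicant network block mirroring the page's
# settings. The CA file path and the sfuid@sfu.ca identity form are assumptions.
SAMPLE_CONF = '''
network={
    ssid="SFUNET-SECURE"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=TTLS
    phase2="auth=PAP"
    identity="sfuid@sfu.ca"
    ca_cert="/path/to/Thawte_Premium_Server_CA.pem"
}
'''

def parse_networks(text):
    """Return each network={...} block as a dict of key -> unquoted value."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks

def audit(net):
    """List deviations from the settings the page prescribes."""
    findings = []
    if net.get("key_mgmt") != "WPA-EAP":
        findings.append("key_mgmt is not WPA-EAP (WPA2-Enterprise)")
    if net.get("pairwise") != "CCMP":
        findings.append("pairwise cipher is not restricted to CCMP (AES)")
    if net.get("eap", "").upper() != "TTLS":
        findings.append("eap is not TTLS")
    if "auth=PAP" not in net.get("phase2", ""):
        findings.append("phase2 is not auth=PAP")
    if not net.get("ca_cert"):
        # PAP sends the password in the clear inside the TLS tunnel, so the
        # tunnel only protects it if the server certificate is verified.
        findings.append("ca_cert missing: server certificate is not verified")
    return findings

if __name__ == "__main__":
    print([(n.get("ssid"), audit(n)) for n in parse_networks(SAMPLE_CONF)])
```

An empty findings list means the block matches the Windows settings above; the `ca_cert` line is the counterpart of Verify server certificate with Thawte Premium Server CA as the trusted root.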

eduroam

Eduroam is a BCNET initiative that allows students, staff and faculty access to wireless services at cooperating universities without the need for obtaining a guest account. This allows a user visiting another institution to login using the same credentials they would at home.

This is actually a new service, and the setup is exactly the same as SFUNET-SECURE. In fact, once you have the above completed, all you have to do to set up eduroam is everything up to (and including) selecting SecureW2 for the network authentication method/EAP Type.

Update: SFU now supports PEAP, which no longer requires a third-party client. Instructions can be found at Network Services.

One Response

  1. gshum

    May 26, 09

    4:05 pm

    I use Linux/Ubuntu 9.04 currently. Where do I download the Security Certificate from? The certificate is not installed by default. ACS does not have this info.