Enterprise WPA

#1

I am purchasing my Forge for use in a University. The IT guys have our campus Wifi on pretty stringent lockdown in general, and this has caused issues with many wifi-based technologies I have explored in the past.

Typically, the major stop-all factor is not being able to handle Enterprise WPA. I may suck at getting the right terms (typical failing of mine), so to explain what this is… it is Wifi where you can connect to it, but are then asked to enter both a login name and password.

Now… I can access a Wifi band for guests which only requires a password, but this has a bandwidth throttle, and is all around less desirable for personal reasons. But… will the GF be able to handle Enterprise WPA?


#2

Even organizations with strict requirements on wifi connectivity will typically have exceptions for devices that don’t support WPA-Enterprise. So even if Glowforge won’t support it you may not be out of luck.


#3

Bandwidth shouldn’t be a problem for guest wifi but the pass code side of that might (if it’s not completely open).

Either a phone hotspot or 4g LTE or “MiFi dongle” would do the job at a cost if you have signal (we might have different names for it in the UK).

Alternatively a wifi bridge from your desktop computer might work (never tried it on an enterprise WPA). But at university our housemate plugged in a wifi router (uni had wired only) and that worked, albeit being against the rules for very good reasons (work in IT now). Also Ethernet bridge worked from one device to another as we only had 1 port.


#4

Interested too on how this will work with one button. I have no IoT devices to configure. Yes, everyone must learn IP addressing now. I taught kindergarteners technology and told them that just like they memorize their phone numbers and house numbers, they needed to learn their computer numbers so they could contact each other.


#5

Not just WiFi, even wired networks can be dangerous for man in the middle attacks.

You could just get a router that supports DDWRT, or some other router that can repeat WiFi and repeat it with a different type of security. You could then also turn it on just when you need it :smile:

However this is still a risk for man in the middle attacks. Depends how the WiFi is set up on the campus, if it has client isolation etc… Best way to protect yourself is to use a VPN. You could set one up at home and connect over it at your campus.


#6

Probably worthwhile asking at this point @dan will the Glowforge have a backup ethernet port option?

If this was the case @jacobtuner you could take a laptop that connects to the Uni network and create a network bridge between the eth/wireless that would allow you to connect it up via your connection (without needing the Glowforge to support Enterprise WPA).


#7

It has been officially stated there will be no ethernet port. There are ports you could connect directly to on the board, but too late in the cycle to expose those through the case. So possibly I could hack together something with minor ventilation losses (and warranty voiding).

Making my own wifi repeater is a mildly permissible alternative. I do almost the same for my current laser, having it broadcast a wifi signal with no internet so I can connect to the board and run prints.

But the university IT guys have come through my spaces before sniffing out 2.8 GHz interference. So I know they monitor things closely enough I cannot maintain an always on personal hotspot.

Plus I prefer to avoid the whole “I just completely defeated your security” aspect of broadcasting a backdoor :wink:

But, it is looking like I may have to resort to something. I was hoping that there is a way to have the GF authenticate with a stored username/password combination. I may be able to get it lodged into the network printer system though. Will have to talk with the IT guys and sort things out.


#8

I asked this question a couple days ago.

@dan replied below my post.


#9

FWIW, some if not many enterprise wifi solutions offer provisioning exactly for conditions like this. They’re usually part of the vendor’s guest access solutions, although some (like Aerohive) offer a variant of PSK called Private PSK or PPSK. Ask your IT folks to look into that – you shouldn’t have to compromise security to get connectivity.


#10

I wonder if you could set up a wifi bridge that has limited range, i.e. just the room the GF is in.

Also could you connect an Ethernet cable and run it out the vent port? So there would be no need to modify the case? – I realize no one has a machine to answer these questions.


#11

If I wind up with the wifi bridge, I will configure it to run whitelist only, so I can deny absolutely everything except the Forge and my laptop which is used to configure the bridge. But hopefully my IT guys have things that @mike mentions, or dan and crew get enterprise up and working, as alluded to in the response to @karaelena


#12

It might be possible that you could change the MAC address of a laptop to match that of the GF, then log into the network, shut off the laptop, and then turn on the GF. Should work as long as the authentication session would last.


#13

No, that won’t work at all because the link encryption wouldn’t match on the GF.


#14

Yeah I was thinking more like a portal login, like in hotels, I spaced over the whole WPA thing -_-


#15

I would simply use one of those travel routers. You don’t need it to have internet on it, you simply need an access point to connect both devices to so they can both talk, correct?


#16

That wouldn’t work. It’s a cloud service so you need an Internet connection.