University Enterprise Network Issues

We are operating our unit on a University Campus. The wireless network is traditionally WPA-Enterprise with user authentication. I have been in close contact with the Networking Group to attempt to get the unit set up in the existing ecosystem.

Long story short: Nothing worked, the farthest we ever get to is ‘Device Error!’ ‘While trying to setup your Glowforge, it became no longer reachable or responded in an unexpected way. Please make sure you are connected to the Glowforge wifi network and click Restart Setup.’

The basic framework of what we tried was attaching to a hidden SSID that the University uses for IOT devices. This network filters MAC addresses to allow access along with WPA-PSK.

Finding the MAC address of the unit was harder than it should have been. We eventually used Wireshark and ARP to confirm the MAC of the unit.

Using a combination of browsers/system/network settings we were never able to get past the Error page. By the end we were broadcasting the previously hidden SSID, and removed all security measures other than the PSK. Obviously my coworker in Networking took that last step very cautiously.

I have already sent a message to support. Anyone here have any suggestions?

Maybe something like this?

https://www.amazon.com/NETGEAR-Wi-Fi-Extender-Essentials-EX2700/dp/B00L0YLRUW

I don’t use it as a range extender but rather as a node for my PC because I didn’t want to run a cable. I used to use it as an extender in another application.

Not the best solution but may help you in this case.

Oh wait, no Ethernet. Never mind. :disappointed:

At my workplace our network security team have a method in place to actively counter “rouge” access points which renders them useless. If my Glowforge was at my office the SSID that it broadcasts during configuration would have to be whitelisted to stay connected to it.

Maybe some sort of web filtering that may be blocking a URL or port that it’s trying to use once it’s on the network?

It’s funny. That error basically means that the Glowforge dropped its hotspot before the setup webpage expected it to. When you go to app.glowforge.com does your new Glowforge show up next to your account picture? If so, the Glowforge was able to connect to the internet and talk to glowforge.com even though the hotspot page was confused. If not, then uh, I’m not sure what to suggest next.

As you found out the Glowforge does not support WPA2 Enterprise. But it does support plain Jane WPA2. Personally, I have tested the Glowforge with hidden SSIDs and it has worked. But in your case (MAC address filtering and possibly NAC) it may be more complex.

Depending on how buddy-buddy you are with your sysadmin, I’d suggest they create another (visible) broadcasting SSID, lock it to the MAC address of the Glowforge and configure it for WPA2. Then attach it to the same VLAN as your IoT devices.

Yah. Having an Ethernet port would have solved some people’s problems for sure. It’s just soooo 2001.

2 Likes

Just as a test to ensure there’s nothing wrong with the wireless NIC in your 'forge, you might want to try with a hotspot on your phone and see if it’ll connect. You can always change which SSID you connect to later by holding the button for several seconds until it turns cyan.

3 Likes

The next version of Cisco wireless software (likely what your University uses) supports a per-device WPA2-Personal password. The feature is called Identity PSK and it’s in version 8.5 of their software.

1 Like

From the top:

@technut27 - Yep, same here. They don’t actively counter rouge APs, but they do detect them and hunt them down. This is super common for students in dorms, kind of turns into a tragedy of the commons issue over WiFi frequency space. I will confirm with networking that nothing would be blocking the ad-hoc SSID. Do we know what ports need to be open? I spent a very brief amount of time looking, but didn’t really get very far.

@markwal - Nope, app.glowforge.com looks the same: “Welcome to Glowforge,
Let’s make sure you’re ready to get started.” Looking at the account off the same page, under devices it is still blank.

@karaelena - Yep, that is what we were trying (regarding normal WPA2-PSK). While I am not the admin, and I didn’t configure the current system, I am not 100% sure what the ‘may be more complex’ part of your comment means. To your second comment, that is essentially what we tried. Possibly even to the point of disabling MAC filtering. At one point yesterday my coworker in Networking said: “Ok, try in 3 minutes (the time it takes for configuration changes to be pushed out on our network). Be sure to call me back after you try because I need to revert back.” I took that to mean that he significantly reduced the security measures in an effort to see if it was an issue on the Networking side or the Glowforge side.

@mad_macs - It took courage to remove that Ethernet port.

@Tom_A - Yeah, that is what I was thinking. I am going to move it to a more open network environment (my house) to confirm normal operation. It is also amusing that I came across a post yesterday that suggested that one of the first things the Glowforge does when connecting to the cloud is to download a firmware update. This firmware update supposedly (I don’t know how much of this is speculation on the part of the poster) fixed some connectivity issues. If this is true it is both amusing and sad that you need connectivity to fix connectivity issues. If it comes to that, I will post back what we find.

@Dent - Only issue is that we don’t use Cisco. I can ask to see if a similar option is available for our APs.

Thank you all for your quick and insightful thoughts. :+1: Certainly quicker than support@glowforge

2 Likes

In the olden times you’d get a setup tape when you got your VCR - needed to set up the VCR to get to the setup tape instructions :smile:

1 Like

Yeah give it a go. Let us know what you find!

Or arrogance.

I see where they were going with it, it’s like removing a floppy drive, or serial ports.

The world just isn’t quite ready for it.

3 Likes

Speak for yourself. :wink:

The other day my Dad called and said “How do I put files on a CD/DVD now that I have Windows 10?” I said “That’s a good question. But a better question is ‘Where the hell did you find a blank DVD?!’ They still make those?!”

2 Likes

As far as I can tell it just needs TCP ports 80 and 443 for HTTP (possibly just 443) and UDP port 123 for NTP. It will also need access to a DNS server, of course, but it will just use the local one supplied by DHCP.

At my college I can’t use the main Wifi network (which is WPA2 Enterprise) but luckily we also still have a completely unsecured network that is basically only good for web access. (It’s essentially external to our real network, with no access to things that are only available to the real campus network.)

The “courage” line is a reference to Apple’s statements about removing the headphone jack from the iPhone last year: Apple says it took 'courage' to remove the headphone jack on the iPhone 7 - The Verge

So yeah, arrogance. :wink:

1 Like
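The port list in the post above can be turned into a pre-deployment check of the IoT VLAN's egress rules. This is an added example, not part of the original thread or anything from Glowforge: the first-match rule format, the sample ACL and every IP address are constructed for illustration, and only the protocol/port pairs come from the post.

```python
from ipaddress import ip_address, ip_network

# Flows the post lists as required; destination addresses are constructed placeholders.
REQUIRED_FLOWS = [
    ("tcp", "203.0.113.10", 443),  # HTTPS to the cloud service
    ("tcp", "203.0.113.10", 80),   # HTTP (the post says 443 alone may be enough)
    ("udp", "198.51.100.5", 123),  # NTP
    ("udp", "10.20.0.53", 53),     # DNS resolver handed out by DHCP
]

# Constructed egress ACL for a hypothetical IoT VLAN, evaluated top-down.
# Each rule is (action, protocol or "any", destination network, port or None for any).
SAMPLE_ACL = [
    ("permit", "udp", "10.20.0.53/32", 53),
    ("permit", "tcp", "0.0.0.0/0", 443),
    ("deny", "any", "10.0.0.0/8", None),   # keep IoT devices off the campus LAN
    ("permit", "tcp", "0.0.0.0/0", 80),
]


def evaluate(acl, proto, dst, port):
    """Return (action, rule_index) for the first matching rule.

    Falls through to an implicit deny, reported as ("deny", None).
    """
    for index, (action, rule_proto, net, rule_port) in enumerate(acl):
        if rule_proto not in ("any", proto):
            continue
        if ip_address(dst) not in ip_network(net):
            continue
        if rule_port is not None and rule_port != port:
            continue
        return action, index
    return "deny", None


def blocked_flows(acl, flows=REQUIRED_FLOWS):
    """List the required flows that the ACL would not permit."""
    return [flow for flow in flows if evaluate(acl, *flow)[0] != "permit"]


if __name__ == "__main__":
    for proto, dst, port in blocked_flows(SAMPLE_ACL):
        print(f"blocked: {proto}/{port} to {dst}")
```

Against the sample ACL this reports only the NTP flow as blocked, so the device could be given what it needs with one narrow rule instead of removing filtering altogether.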

Yah. It’s the kind of thing Steve Jobs and Apple were keen on doing. Eliminating a port to push a new technology forward, with no small amount of growing pains. I think the difference is that when Apple did it, it was a new technology: USB, FireWire 800, Thunderbolt, USB-C, mini-DisplayPort.

In this case, the removal of the Ethernet port, to save a few dollars, leaves us with a connection that is difficult to troubleshoot: interference, channel overlap, RSSI. All issues that aren’t present on a wire. (Ok there are some issues with signal on wires). I ALWAYS run a wire to servers and printers. It’s just good practice in the IT world.

2 Likes

rouge:

noun
1. a red powder or cream used as a cosmetic for coloring the cheeks or lips.

rogue:

noun: rogue; plural noun: rogues
1. a dishonest or unprincipled man.

Just sayin’…:grinning:

2 Likes

You may reach out to neteng and see if they would fly an open “guest” SSID or if there is already such an SSID, just request a whitelist for your GF MAC address? There’s got to be a method in place to authenticate Xbox, TVs and other wifi enabled devices?

This is simple enough in any controller based environment - Aruba/CISCO

The continuing tale:

I packed up the unit and brought it home with me tonight. I wasn’t really planning on having to deal with venting it at home but rigged up a functional venting port out of scrap plywood lying around.

After getting everything reset up and booting up, I get the same error when using my phone. I get to the screen asking for WiFi log-in information for my home AP, put in the password. Wait about 30 seconds and get the same ‘Device Error’ message.

For more complete reference, my home WiFi network uses standard vanilla WPA2-PSK on both 2.4 and 5GHz. I might try forcing one or the other just to see if it is a frequency issue.

I didn’t really realize this, but I don’t have access to as many WiFi enabled computing devices at home (all of the computers are hardwired desktops, I know: for Glowforge that is painfully out of date). I am going to pull out all of our old phones and tablets and try with them, but I am doubtful at this point.

Also, no response from support yet.