Advanced Photon Source

An Office of Science National User Facility

802.1x / Auth N

802.1x Instructions

  1. Overview
  2. Windows XP Users
  3. Windows Vista Users
  4. Windows 7 Users
  5. Windows 10 Users
  6. Linux Users
  7. Apple Mac OSX Leopard
  8. Apple Mac OSX Tiger
  9. Troubleshooting

Overview


802.1x wireless LAN authentication provides secure encrypted access to inside the APS networks.
The wirelsss ssid "APS AUTH N" permits users to connect using 802.1x authentication and are then prompted for their ANL Domain username and password.
After the authentication succeeds, users have access to APS internal networks.
This eliminates the need to use a VPN client.

To use 802.1x, users must meet the following requirements:

  • Users must be a member of the "802.1x Users" group.
  • The wirelss card on your computer must also have a permanent registration.
  • Windows XP must have Service Pack 3 installed.
  • Only ANL owned computers will be permitted 802.1x access.
  • It is a good idea to have your computer up to date with the latest patches and wireless card drivers.

If you have problems authenticating or cannot get an ip address, please submit a support request ticket.

Windows XP Users


To connect to the 802.1X APS AUTH N network, you first need to search for the broadcasted ssid.

  1. Right-click on your wireless network icon in your taskbar
  2. Left-click on View Available Wireless Networks
  3. Here you'll see APS AUTH N lised as an available wireless network.
  4. Click once on it to select it.
  5. Click Connect
    xp wireless networks
  6. In your taskbar, you'll see a popup notifying you that you need to enter your
    ANL Domain credentials. Click on this pop-up.
    ** (for troubleshooting this step, see note below)
    xp credentials
  1. Enter your ANL Domain Username & Password.Leave the Domain field blank.
  2. Once connected, you'll see that the APS AUTH N network now shows a status of connected.

**If you receive an error that you don't have a valid certificate, please make the following changes...

  1. Click on Start, Settings Control Panel
  2. Double-click on Network Connections
  3. Find your wireless connection & right-click on it. Left-click on properties.
  4. Click on the Wireless Networks Tab.
  5. Under Preferred Networks, find the APS AUTH N network. (If you are recreating this connection, first remove it, then click on Add and continue the steps below.)
  6. Highlight this network & click on Properties.
    xp troubleshooting part 1
  7. Make sure that the Network Authentication is WPA2 and Data Encryption is AES.
    xp troubleshooting part 2
  8. Click on the Authentication tab.
  9. Make sure the EAP type: is Protected EAP(PEAP).
  10. Click on Properties.
  11. Uncheck the option to Validate server certificate.
  12. Under Select Authentication Method: Make sure that Secured Password (EAP-MSCHAP v2) is selcted.
  13. Check the box to Enable Fast Reconnect.
  14. Click on Configure.
  15. Uncheck the box to Automatically Use my windows login...
  16. Click Ok until back to windows desktop.
  17. Should try to reconnect. If not, attempt to reconnect manually.
  18. When prompted, click on the bubble to enter other credentials.
  19. Use your ANL Domain Username & password.

Windows Vista Users


To connect to the 802.1X APS AUTH N network, you first need to search for the broadcasted ssid.

  1. Right-click on your wireless network icon in your taskbar
  2. Left-click on Connect to a network.
  3. Here you'll see APS AUTH N lised as an available wireless network
  4. Click once on it to select it.
  5. Click Connect
    vista connect to aps auth
  6. Then you'll be prompted to enter your ANL Domain credentials.Leave the Domain field blank.
  7. Once connected, you'll see that the APS AUTH N network now shows a status of connected
    vista enter credentials

Linux Users


Your setup may be different if you are running a different version of linux. If you encounter trouble please consult your linux distributer, or submit a support request using the APS Support Request System.

To start off you will need to have the KNetworkManager installed on your machine, and an acceptable wireless card that works with your machine. You will also have to make sure your wireless card is functioning and enabled.

  1. Go to the KnetworkManager in your active tray:

    knetworkmanager
  2. Select the APS AUTH N network to edit it's properties.
  3. Make sure that encryption is set to WPA2 Enterprise (NOT WPA Personal)
  4. Under Advanced Settings, ensure that the EAP Method is set to PEAP.
  5. In the Identity field, type in your ANL Domain username and password below it.
  6. Click Connect.

Apple Mac OSX Leopard


  1. Open the wireless menu from the menu bar and select "APS AUTH N"
    leopard connect to aps auth part 1
  2. if APS AUTH N is not listed, select "Join Other Network..."
  3. Type in APS AUTH N (in all caps) as the Network Name
  4. Select "WPA2 Enterpirse" from the Security pop-up menu
  5. Put in your ANL Domain username and password
  6. Click "Join"
    leopard aps auth part 2

Apple Mac OSX Tiger


  1. Go into applications, and click on Internet connect.
  2. Click on the Wireless network adapter & click on file to bring up the menu.
  3. Choose New 802.1x connection.
  4. In the Configuration pull-down menu, choose Edit Configurations...
  5. In the description field, enter APS AUTH N
  6. In the network Port field, choose you wireless adapter
  7. In ther User Name and Password fields, Enter your ANL Domain username and password.
  8. For the Wireless Network, choose APS AUTH N
  9. For the Authentication field, choose PEAP and uncheck the remaining choices
    tiger 802.1x connection

Troubleshooting


Windows should allow users to connect to the APS AUTH N network without making configuration changes. Although, there are times when the settings would need to be configured manually.

In some cases, the APS AUTH N connection will not connect successfully and the profile needs to be re-created. You will need to delete the APS AUTH N profile within your network settings and re-create it. If you need assistance with this, please submit a support request.

Change Password:

If you are prompted to change your ANL Domain Password, you may find that you are unable to connect to APS AUTH N. In some cases, we have found that the solution is as simple as re-entering the new password. You are prompted for the credentials again. In other cases, the solution has been to delete the APS AUTH N profile and recreate it. Please use the following directions in order to create a new connection.

If you have any trouble connecting to the APS AUTH N network and/or following any of the directions for connecting, please submit a Support Request.