Students who wish to use a personally-owned wireless access point ("WAP"; also called a "wireless base station," "wireless hub," or "wireless router") at Lawrence should read this document carefully before connecting their equipment to the Lawrence network. Wireless networks by nature are insecure. Therefore, it is strongly recommended that you 1) not send unencrypted passwords or other private information (such as credit card numbers) over a wireless network; and 2) carefully control who can gain access to a wireless network that you operate.
Caution: In operating a personal WAP, you are potentially opening your Lawrence network account to use by anyone within range of your WAP's signal. If they gain access, people completely unknown to you will be able to masquerade as you on the campus network and on the Internet. They will be able to download music, video, and other copyrighted content as you, and they may be able to access your personal network share space and other private information about you. If you follow the instructions below, it will be much harder for someone to impersonate you in this way; if you don't, you will be putting your privacy and much more at risk.
LU's Policies regarding Wireless Networking Hubs/Routers:
- Students wishing to use their own wireless networking devices in their residence-hall
rooms and in common spaces within student residences may do so provided that
the device does not interfere with Lawrence-provided network
resources.
- Note: If you live in a residence hall (currently only Colman Hall) that has Lawrence wireless network coverage it is important to note that you CANNOT use your own wireless access point or router as they will interfere with the Lawrence wireless network. To ensure the proper functioning of the Lawrence wireless network Technology Service will work to find and remove any sources of wireless interference.
The use of improperly configured units will result in immediate termination of network service until the problem can be resolved.
- When several consumer-grade WAPs are operated close to each other, it is not uncommon for the performance of all those devices to degrade. It is even possible that wireless connections to one or more such devices may become impossible. ITS may be able to help in diagnosing the source of these difficulties but does not assume responsibility for remedying them.
- Lawrence ITS does not provide technical assistance for personally-owned wireless access points or wireless routers.
- Personally-owned access points or ad-hoc networks are prohibited from using "Lawrence," "LU," "Viking," or the name of a Lawrence building in their service set identifier (SSID).
- Follow the setup requirements below along with the manufacturer's recommendations to help ensure safe operation that does not create network access problems for others and does not allow someone else to masquerade as you on the Lawrence network.
Setup Requirements:
Every computer connected to the Lawrence network must be registered and properly configured. When using a WAP or router, you must first connect each computer directly to the network jack or hub in your room and register it through the standard process. Once you have registered all computers in this way, then connect your WAP or router to the network jack or hub, and finally connect your computer(s) wirelessly to the campus network through the WAP.
Note: If your WAP is configured and connected correctly and you have already registered your computer on the campus network, you should not be redirected to a registration page when connecting wirelessly to the campus network via your WAP. If you are redirected to a registration page, then your WAP is almost certainly misconfigured. Please follow the instructions below a second time. If the problem persists, contact the ITS helpdesk.
To protect you, your computer, and the college network, all WAPs connected to the Lawrence network must be configured as follows (we cannot provide specific instructions because every device is different).
- Minimally, WPA-PSK encryption enabled. If both your WAP and your computer support it, use WPA or WPA2 security. Use the strongest form of encryption supported by your WAP and your computer.
- SSID ("Service Set Identifier") broadcast disabled.
- SSID changed to something other than the manufacturer's default. (Do not use "Lawrence," "LU," or the name of a Lawrence building in your SSID name.)
- WAP password changed to something other than the manufacturer's default. (Do not use your Lawrence network password for this!)
- Network Address Translation (NAT) and DHCP disabled.
- Strongly recommended: Use the "Wireless MAC filter" or "MAC address access control" feature to keep strangers out of your private network and to ensure that your LU network account is used only by you.
- Strongly recommended: Limit the number of permitted connections to the number of computers in your room.
It is imperative that your wireless router is used only as a pass-through device. You must obtain your network settings from the Lawrence network and not from any other source. If you follow the steps above, this should not be a problem. However, once you have disabled DHCP on your router, you will likely need to connect your router to the wall jack without using the router's "internet" or "wan" port. Please see the diagrams below for clarification.
Checklist Item #1: Configure your router
Plug your router directly into your computer. Alternately, you could connect to your router wirelessly, but that introduces an unnecessary level of complexity at this point. Access your router's settings and ensure they match the specifications above.
Checklist Item #2: Disable DHCP
This will be different for all types of routers. Look in your user manual and find out how to disable your router's built in DHCP server.
Checklist Item #3: Plug your router into the wall (correctly)
Plug your router into the wall and ensure that you are not making use of the "internet" or "wan" port. If you have configured your router correctly in step 1, then you should experience no problems.
Note: If WAPs are set up in adjacent or nearby rooms, they are likely to interfere with each other and reduce the Internet performance of both. Such interference is in the nature of the device. While ITS is not responsible for the interference, it may be able to provide limited assistance in resolving the issue. Contact the helpdesk to initiate a conversation.
