OIT is changing Temporary Visitor Wireless Network Access (TVWNA) in response to customer feedback.
Currently, a wireless client that wishes to use TVWNA must be configured to use a wireless network password (a WEP key).
On the morning of January 5, 2006, TVWNA will be reconfigured to remove the use of the network password. After that time, any client that wishes to use TVWNA must be configured instead to not use a network password. Clients that were already using TVWNA will need to be reconfigured.
TVWNA's use of a network password was not for security reasons; in fact, the password provided no security benefits. (We intentionally published a single password for everyone to use, and used a weak encryption scheme.)
Rather, we used a network password for TVWNA for the following reasons:
As it happens, OIT Wireless Service does not use a network password. (Access is limited by verifying that the client's hardware address is registered in the Princeton University Host Database.)
Because 802.11 wireless networks do not support 802.1Q VLAN tags, it was not possible to have the same Wireless Access Point support two different wireless networks while neither network used encryption. If one attempted to do so, it would result in the traffic from each wireless network being heard on the other wireless network, breaking service for both networks. (The two VLANs would get crossed.)
To work around that limitation, we configured TVWNA to use encryption (specifically, a WEP key). As all traffic for TVWNA was encrypted, that prevented the two networks' traffic from intermingling. (A client connected to the unencrypted OIT Wireless Service would discard the encrypted TVWNA traffic from the Wireless Access Point, because the client does not expect to receive encrypted traffic. Similarly, a client connected to the encrypted TVWNA service would discard the unencrypted OIT Wireless Service traffic from the Wireless Access Point, because the client does not expect to receive unencrypted traffic.)
A recent upgrade to the OIT Wireless Access Points has made it possible to support both networks on a single Wireless Access Point in a different manner. Each Wireless Access Point is now able to use a unique wireless hardware address (BSSID) for each wireless network (SSID) it supports. This makes each Wireless Access Point look something like multiple Wireless Access Points. The traffic for the two networks will not intermingle, because each network has a different BSSID. While encryption can still be used, there is no longer any technical need to use encryption to keep the traffic from mingling. So we could remove the network password from TVWNA if desired.
This allowed the customer's use of the password to constitute an agreement by the customer to be bound by the Acceptable Use Policy. It also reduced the likelihood that people would stumble across TVWNA and use it without being aware of the policies governing the use of the service.
Customer feedback was that entering a password was inconvenient. Based upon that, it has been decided that the inconvenience of needing to enter a password to use the service outweighs any need to inform the customer of the policies governing the use of the service, or to obtain agreement from the customer to abide by the Acceptable Use Policy.
Furthermore, accidental connections by such devices can place unnecessary load on TVWNA. Since TVWNA and OIT Wireless Service share the same Wireless Access Points, unnecessary TVWNA load can affect OIT Wireless Service. Also affected by any unnecessary load is OIT DHCP and BootP Services; these provide service to many customers, including for example those using TVWNA, OIT Wireless Service, OIT Ethernet Service, Visitor IP Service, OIT Mobile IP Service, and TUD IP Service.
Customer feedback was that entering a password was inconvenient. It has been decided that the inconvenience of needing to enter a password to use the service outweighs any concern about accidental connections to the service, or any load accidental connections may place upon the various network services.
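A simplified model of the access-point behaviour described above (shared BSSID without encryption, shared BSSID with WEP on TVWNA, and one BSSID per SSID), added here as an illustration and not OIT's code or configuration. It treats each network's broadcast traffic from the access point as one frame and reports which clients would accept the other network's frame; the class and function names, the "OIT" label for OIT Wireless Service, and the hardware addresses are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    bssid: str       # BSSID the access point transmits the frame under
    protected: bool  # True when the frame body is encrypted (the WEP key in the text)
    network: str     # network (VLAN) the frame was bridged from; clients cannot see this

@dataclass(frozen=True)
class Client:
    network: str     # network the client joined
    bssid: str       # BSSID the client associated with
    uses_key: bool   # True when the client is configured with a network password

    def accepts(self, frame: Frame) -> bool:
        # Model assumption: a client keeps a broadcast frame only when it comes
        # from its own BSSID and its encryption state is what the client expects.
        return frame.bssid == self.bssid and frame.protected == self.uses_key

def crossed_traffic(bssid_of, encrypted):
    """Return sorted (client network, frame network) pairs where a client
    accepts a broadcast frame that belongs to the other network."""
    clients = [Client(n, bssid_of[n], encrypted[n]) for n in bssid_of]
    frames = [Frame(bssid_of[n], encrypted[n], n) for n in bssid_of]
    return sorted((c.network, f.network) for c in clients for f in frames
                  if c.network != f.network and c.accepts(f))

# Constructed, locally administered hardware addresses.
SHARED_BSSID = {"OIT": "02:00:00:00:00:01", "TVWNA": "02:00:00:00:00:01"}
PER_SSID_BSSID = {"OIT": "02:00:00:00:00:01", "TVWNA": "02:00:00:00:00:02"}
NO_KEYS = {"OIT": False, "TVWNA": False}
WEP_ON_TVWNA = {"OIT": False, "TVWNA": True}

def scenarios():
    return {
        "shared BSSID, no encryption": crossed_traffic(SHARED_BSSID, NO_KEYS),
        "shared BSSID, WEP on TVWNA": crossed_traffic(SHARED_BSSID, WEP_ON_TVWNA),
        "per-SSID BSSID, no encryption": crossed_traffic(PER_SSID_BSSID, NO_KEYS),
    }

if __name__ == "__main__":
    for name, leaks in scenarios().items():
        print(f"{name}: {'crossed ' + str(leaks) if leaks else 'separated'}")
```

In this model WEP acts only as a traffic separator, which matches the statement above that the published password provided no security benefits.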