UWS & Internet Access
-
DevNet Wireless Standards
Introduction

This article covers the standards required for connecting devices to the DevNet wireless network.

Applicability

This article applies to anyone on the University of Alberta campuses who needs to connect research or infrastructure equipment to wireless where that equipment does not support WPA2/WPA3-Enterprise security and must use WPA-Personal security.

Background information

The DevNet wireless network is designed to support research- and infrastructure-focused devices that are incompatible with Enterprise-type authentication security protocols. This may include experimental hardware and sensors that researchers procure to meet specific needs, or building monitoring/control systems installed for short periods or in locations not conducive to installing a cable.

To provide appropriate security around what are fundamentally IoT devices, DevNet is isolated from the main university network and direct two-way communications are not allowed. DevNet devices must initiate a connection outbound to campus or cloud-based services.

While IST provides the wireless service, it does not supply the devices. Researchers are responsible for ensuring their devices are updated with the latest security patches. Devices must comply with these requirements to avoid being disconnected from the network. All users are required to adhere to the University of Alberta's IT Security Policy. While IST support is available for connectivity issues, the onus remains on the device owner to ensure their devices comply with all security guidelines.

Accounts on the DevNet network require renewal/verification annually to ensure that credentials for devices that fall out of use do not remain active for extended periods. Before the expiry date, an email will be sent to the CCID of the identified owner to verify the active state of the device and update the password, etc.

Device Requirements

- The device must support WPA2-Personal wireless security.
- The device must support Transport Layer Security (TLS) version 1.2 or better.
- The device should be upgraded to the latest firmware version from the manufacturer's website to give the best chance of compatibility with the wireless network.
- The device should support both the 2.4 GHz and 5 GHz wireless frequency bands. If the device only supports the 2.4 GHz band, the service cannot be guaranteed due to the high congestion and interference on that band.
- The DevNet wireless network has client isolation enabled to prevent one device from communicating directly with another. The device must be able to be configured and to operate independently from other devices such as a cell phone. Cloud-managed devices are best.

Procedure

To connect a device to DevNet, researchers must obtain credentials from IST. Devices require support for WPA-Personal type security to use DevNet. IST will provide per-device or per-group-of-devices passwords linked to each device's MAC address. If a device cannot support WPA-Personal security, alternative solutions, such as wired connections, need to be explored, as open wireless networks without some form of validation are not permitted.

1. Submit a request on the Service Centre Portal to have the device connected to wireless: https://www.ualberta.ca/en/services/staff-service-centre/index.html. Please have the make, model, location and MAC address of the equipment ready to document in the request. Also document the research or infrastructure project this equipment will be associated with.
2. IST will create a wireless Pre-Shared Key (PSK) for the device.
3. Configure the device to connect to the DevNet wireless network and enter the Pre-Shared Key when prompted.

Related article: DevNet Endpoint Reservation and Expiry
https://universityofalberta.freshservice.com/support/solutions/articles/19000109511
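For a Linux-based research device that joins wireless through wpa_supplicant, the last step of the procedure can be done without leaving the issued passphrase in the configuration file. The script below is an added example, not part of the IST article: it derives the WPA2-Personal key the same way wpa_passphrase does and renders a network block that accepts only WPA2 with AES-CCMP. The SSID string "DevNet", the use of wpa_supplicant and the sample values are assumptions.

```python
"""Render a wpa_supplicant network block for a DevNet device (added example).

Assumptions, not from the article: the SSID string "DevNet" and a device
that uses wpa_supplicant. The real key is the one IST issues.
"""
import hashlib


def derive_psk(ssid: str, passphrase: str) -> str:
    """WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)
    return key.hex()


def network_block(ssid: str, passphrase: str) -> str:
    """Build a block that accepts only WPA2 (RSN) with AES-CCMP."""
    if '"' in ssid or "\n" in ssid:
        raise ValueError("SSID cannot be written as a quoted string")
    psk_hex = derive_psk(ssid, passphrase)
    lines = [
        "network={",
        f'    ssid="{ssid}"',
        "    key_mgmt=WPA-PSK",  # WPA-Personal, the mode DevNet requires
        "    proto=RSN",         # WPA2 only; never fall back to legacy WPA
        "    pairwise=CCMP",
        "    group=CCMP",        # assumes the network is WPA2-only
        f"    psk={psk_hex}",    # unquoted 64 hex digits = pre-derived key
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    import getpass
    # Prompt for the key so it does not land in shell history.
    print(network_block("DevNet", getpass.getpass("DevNet PSK from IST: ")), end="")
```

The derived hex key still grants access to the network for that device, so the resulting configuration file should be readable by root only (mode 0600).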
-
Wireless Printers on University of Alberta Wireless
Introduction

This article covers the issues with wireless printers on the University of Alberta wireless networks.

Applicability

This article applies to anyone on the University of Alberta campuses using the University of Alberta wireless networks.

Procedure

There are several issues with connecting a wireless printer to the University of Alberta wireless networks. The following are some of the issues identified:

- Consumer-based printers often support only WPA2-Personal wireless security. Printers that support only WPA2-Personal security cannot be connected to the eduroam or UWS wireless networks, which support WPA2/WPA3-Enterprise for wireless security.
- The University of Alberta wireless networks use Client Isolation, which prevents connected devices from communicating directly with other devices on the wireless network. This also prevents any device from being able to send print jobs to a wireless printer. Without Client Isolation the printer would be exposed to all users on the wireless network, which range from 48000 to 50000 devices at the peak of the day, and would be potentially discoverable and available for use.
- The University of Alberta wireless network uses Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to devices connected to wireless. We DO NOT assign static IP addresses on the wireless networks.

Printers are infrastructure devices. When purchasing a printer for the campus, please confirm that the printer has multiple connection options for printing, such as USB and Ethernet. The Ethernet port is for group printing and the USB port is for a single office.

The other option, which is not supported by IST, is to use a cloud-based print server service. The printer will need to communicate with the cloud server and download waiting jobs to the printer. Print jobs cannot be pushed from the cloud to a printer on the campus network.