Wireless Network Connection for staff and students through WPA/WPA2

Apart from using VPN with wireless network, using WPA/WPA2 is another secure option. This is a secured wireless connection method with data encryption over the air. Using this method, any user with a valid HKIEd network account can access the Internet as well as the HKIEd Internal network wirelessly, just like using a computer connected to the campus network with wired connection. To make such a connection, you need to setup a profile using the wireless connection utility available in your device. The HKIEd wireless network has two SSID, the "HKIEd" is for WPA/WPA2 enabled connection and HKIEdGuests/VPN is for guest with no encryption settings and also used for VPN.

Connection Procedures: (screen capture based on Windows XP wireless connection utility)

1. Right click the wireless connection icon on the task bar and choose "View Available Wireless Networks" to open the wireless connection utility.
   
   
2. On the left hand side of the window, click "Change advanced settings"
   
   
3. Change to the "Wireless Networks" tab then click the "Add" button.
   
   
4. On the "Association" tab, enter the SSID as "HKIEd". Then change the "Network Authentication" to "WPA2" and "Data encryption" to "AES".
   
   
5. Change to the "Authentication" tab. Select "Protected EAP (PEAP)" as the "EAP type" and untick the option "Authenticate as computer when computer information is available" then click the "Properties" button.
   
   
6. From the "Trusted Root Certification Authorities", tick the "Thawte Premium Server CA" certificate. From the "Select Authentication Method:" choose "Secured password (EAP-MSCHAP v2)" and tick the option "Enable Fast Reconnect". Then click on the "Configure..." button.
   
   
7. Untick the option "Automatically use my Windows logon name and password (and domain if any).". Then click "OK"
   
   
8. Then click all the "OK" button to accept those changes. And the system will try to connect to the wireless network based on your profile settings.
9. Then a message will pop-up as below asking for your login information. Just click on the message then the login prompt will come up.
   
   
10. Enter user name and password as requested. For the "Logon domain", just leave it blank.
    
    
11. Then you will notice that a message pop-up saying that the wireless connection is connected.
    
    
12. Now you may surf the Internet (e.g. using Internet Explorer) over the HKIEd wireless network.

Notes:

1. If you want to use "WPA" as the authentication method, you only need to change the "Network Authentication" to "WPA" and set "Data Encryption" to "TKIP" in step 4. Other settings remain the same.
2. For Windows XP SP2 users, they need to update their Windows XP before they could use WPA2 which is more secure than WPA. For details, please kindly refer to http://support.microsoft.com/kb/893357.
3. Some devices with Wi-Fi do not support WPA/WPA2. In that case, you have to use other connection method.