Apple OS upgrade: Compatibility issue with campus Wi-Fi
Apple's Private Wi-Fi Address feature, introduced in macOS Sequoia and updated for iOS 18 and iPadOS 18, can cause connectivity issues when using campus Wi-Fi networks. The same is true if you update your iWatch or VisionPro.
At this time, OIT's recommendation is to wait to upgrade to the latest Apple OS release. If you do choose to update, OIT strongly recommends that you set Private Wi-Fi Address to "off" for the UCB Wireless, UCB Guest and eduroam networks.
Learn more about optimizing Apple devices' Private Wi-Fi Address for CU Boulder networks.
What is eduroam?
The eduroam service is an international secure federated access service, allowing for members of participating institutions to access a secure wireless network when on the CU Boulder campus or one of the hundreds of other institutions in both the United States and world-wide.
How do I connect to eduroam?
Users must download and install eduroam configuration software for their device prior to connecting to eduroam. After installing the certificate, simply select the eduroam SSID (from Wi-Fi option) to connect.
For detailed instructions on setting up your device to connect to the eduroam network, please refer to the following:
What is this software that is being installed on my computer? What is it used for?
Our Secure Wireless has a couple software components that are used for onboarding:
SecureW2 onboarding agent
- Configures devices network settings to easily join our encrypted wireless network.
- Installs a secure certificate for our wireless authentication controller to prevent person-in-the-middle attacks if someone presents a fake ‘eduroam’ wireless network.
SafeConnect Policy Key
- Posture assessment tool for verifying the health of a device before it connects to our Secure Wireless environment. This is used to ensure devices comply with the CU Boulder Minimum Security Requirements. This includes:
- Authentication against the campus Active Directory
- Verifying Antivirus is installed, running, and has latest definitions
- Verifying Windows / Macintosh firewall running
- Verifying Windows / Macintosh operating system updates are enabled, running, and up-to-date
- Additional posture checking
- Checking if user is behind a NAT device
- Detection of Peer-to-peer (P2P) software
- Detection of outdated or vulnerable software such Oracle Java, Adobe Acrobat Reader, Adobe Flash Player
- Detection of outdated or expired operating systems such as OS X 10.5, 10.6, and Windows XP.
- Detection of specific malware
What is an SSID?
SSID stands for Service Set Identity/Identifier. It is a name that represents which wireless network a user is attached to. This is also called the "Network Name" by some vendors. Select the eduroam to connect to the secured network, after initial software configuration.
Can my printer be setup to use eduroam
No, printers can't attach to eduroam SSID because they lack encryption mechanisms.
In general, faculty or staff should not use wireless printers because data is passed unencrypted and may violate FERPA, HIPPA, or other data sensitivity policies. However, if you need to setup wireless printing, the printer should remain on UCB Wireless.
Can University guests/visitors use the eduroam network?
Campus visitors from institutions participating in eduroam can simply select eduroam from their operating system Wi-Fi options and connect to eduroam using their institution's credentials. If you experience any issues with while visiting CU Boulder, please contact your home institution's service desk.
Campus visitors not from a participating institution should use the UCB Guest Wireless service.
Can I use my smartphone on the wireless network?
Yes. Refer to the following tutorials to learn how to set up your device:
Why am I downloading onboarding software from a non-colorado.edu address?
Due to the dynamic nature of the on-boarding process, the eduroam configuration software must be downloaded from the Secure W2 on-boarding web page. This is needed and can be trusted.
I changed my IdentiKey password and now I can't connect to eduroam. How do I correct this?
Due to the nature of your eduroam credentials being stored locally on your device, changing your IdentiKey password using Identity Manager will cause an eduroam authentication failure.
Depending on your operating system you may be prompted to re-enter your credentials. If not prompted, the most reliable method for correcting the authentication issue is to repeat the onboarding process. The following tutorials explain this process:
Should I use eduroam or Cisco VPN for my secured connection?
In general, it is best practice to use eduroam for most secured on-campus connections, while Cisco VPN should be used for secured off-campus connections. Refer to the chart below for usage specific usage scenarios:
Service | Connection Location | Purpose |
---|---|---|
eduroam | On-Campus | Create on-campus secure connections that allow users to access file servers and other secured systems, as well as securely browse the internet. |
Cisco VPN | Off-campus | Gain access to campus resources (e.g. library resources, file servers) from off-campus. |
Custom VPN | On-campus and off-campus | In order to to access department specific resources, custom VPN connections should be used on and off campus. |