Skip over global navigation links

Wireless Frequently Asked Questions (FAQs)

Click on one of the categories below to get answers to your Frequently Asked Questions:


General FAQs


NIH-Specific Questions


Apple-Macintosh Specific Questions


Common Troubleshooting Questions

  • The VPN client is installed, but it never gets to the point where I type in my user name and password. What is wrong?
  • I have a wireless card and am getting a signal. Why can't I access my e-mail and other files that I usually can use on the wired network?
  • I am running Windows XP Home Edition and do not see any option to "Enable start before login".

Up to Top


Glossary

LAN – Local Area Network.

NIH Firewall – The NIH firewall is a network device used to block unauthorized network traffic from entering NIHnet.

NIHnet – NIHnet is the name used to designate the NIH backbone computer network and all sub-networks attached to the NIH backbone.

Wireless – A technology that permits the transfer of information (active or passive) between separate points using electromagnetic waves rather than a physical connection.

VPN – A virtual private network is a secured private network connection, that is established on top of publicly-accessible infrastructure, such as the Internet or the public telephone network. VPNs typically employ a combination of encryption, digital certificates, strong user authentication and access control to provide security. They usually provide connectivity to computers and sensitive data behind a gateway or firewall. VLAN – A virtual LAN (VLAN) is established by software and configures multiple client devices (“workstations”) which may not occupy the same physical network space into a common virtual space so that the devices behave as if they occupied a position on a common physical network.

WLAN - Wireless Local Area Network.

Up to Top


General FAQs

Where Can I Connect to the NIH Network via Wireless?

View a list of NIH Wireless access locations.
Wireless technology allows you to connect your laptop computer to the NIH network via radio waves without plugging in to a network outlet. You can log on to the NIH wireless network in many locations on and off campus. Regardless of the brand of wireless equipment installed in your laptop, if it is compatible with the 802.11g or older 802.11b standard you can communicate with NIHnet and your local IC LAN. For additional information, contact your IC IT Representative or visit ITServiceDesk.nih.gov.

What is WiFi?

Short for wireless fidelity, and meant to be used generically when referring to any type of 802.11 network whether 802.11b, 802.11g, 802.11a, dual-band, etc. The term is promulgated by the Wi-Fi Alliance.

Any products tested and approved as "Wi-Fi Certified" (a registered trademark) by the Wi-Fi Alliance are certified as interoperable with each other, even if they are from different manufacturers. A user with a "Wi-Fi Certified" product generally can use any brand of access point with any other brand of client hardware that also is certified. Typically, however, any Wi-Fi product using the same radio frequency (for example, 2.4GHz for 802.11b or 11g, 5GHz for 802.11a) will generally work with any other, even if not "Wi-Fi Certified."

Formerly, the term "Wi-Fi" was used only in place of the 2.4GHz 802.11b standard, in the same way that "Ethernet" is used in place of IEEE 802.3. The Alliance expanded the generic use of the term in an attempt to stop confusion about wireless LAN interoperability.

Up to Top

What is 802.11?

802.11 refers to a family of specifications developed by the IEEE (a standards organization) for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. The IEEE accepted the specification in 1997.

There are several specifications in the 802.11 family of standards. The following are highlighted standards typically discussed:

  • 802.11 – applies to wireless LANS and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).
  • 802.11a – an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5GHz band. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS.
  • 802.11b (also referred to as 802.11 High Rate or Wi-Fi) – an extension to 802.11 that applies to wireless LANS and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet.
  • 802.11g – applies to wireless LANs and provides up to 45 Mbps in the 2.4 GHz band.
  • 802.11i – enhancements to 802.11 that offer additional security and improved encryption standards

Up to Top

What is WEP?

Short for Wired Equivalent Privacy, a security protocol for wireless local area networks (WLAN) defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN. LANs are inherently more secure than WLANs because LANs are somewhat protected by the physical nature of their structure, having some or all part of the network inside a building that can be protected from unauthorized access. WLANs, which use radio waves, do not have the same physical structure and therefore are more vulnerable to tampering. WEP provides some security by encrypting data being transmitted over radio waves so that it is protected as it is transmitted from one end point to another. However, it has been found that WEP is not as secure as once believed. WEP alone is not sufficient security.

Up to Top

What is a WEP key?

A WEP key is basically an encryption password that is shared by an access point and a wireless client, allowing basic encryption and decryption of information between the access point and the client device. A WEP key will need to be added to your wireless client on your PC to access NIH wireless resources. The WEP key for the NIH campus can be obtained from the IT person responsible for your area or by contacting the NIH Help Desk.

Up to Top

What is SSID?

Service Set Identifiers (SSID) is a unique identifier attached to the header of packets sent over a wireless LAN. It is primarily intended to differentiate LANs, but also acts as a rudimentary password. You will also need to enter a SSID into your wireless client to enable you to access NIH wireless resources. The SSID for the NIH campus can be obtained from the IT person responsible for your area or by contacting the NIH Help Desk.

Up to Top

What is Triple DES or 3DES?

Triple Data Encryption Standard (3DES) is an encryption algorithm standard which allows for data encryption or decryption. DES was compromised as computers became more powerful, and Triple DES was introduced. 3DES applies 3 separate layers of DES and is secure.

Up to Top

What is AES?

The Advanced Encryption Standard (AES) is a more recent standard encryption algorithm certified by the US Government. AES allows for a higher level of data encryption and decryption than is available with DES and Triple DES. AES is described in Federal Information Processing Standard (FIPS) number FIPS-197.

Up to Top

What is a VPN?

Short for Virtual Private Network, a VPN is established using existing physical networking infrastructures and sets up an encrypted “tunnel” or stream of encrypted data that is secured, in the NIH case, using AES encryption. A virtual private network is a secured private network connection that is established on top of publicly accessible infrastructure, such as the Internet or the public telephone network. VPNs typically employ a combination of encryption, digital certificates, strong user authentication and access control to provide security. They usually provide connectivity to computers and sensitive data behind a gateway or firewall. At NIH, VPN technology is used to authenticate users and encrypt traffic.

Up to Top

What is an access point?

An access point is a physical device typically connected to a wired LAN, which transmits and receives a radio frequency signal to establish a wireless LAN. A computer with a wireless network interface card connects to the LAN by transmitting and receiving data to/from the access point.

Up to Top


NIH-Specific Questions

What do I need to connect to the NIH wireless network?

To connect to the NIH wireless network you must first have:

An 802.11g compatible card or built-in 802.11g radio in your computer and the associated software for this card. Note that all NIH Wireless locations also support 802.11b, so an older 802.11b card will work. Also note that some NIH Wireless locations may be 802.11b since these locations were installed prior to the advent of the 802.11g standard and have not yet been upgraded. Almost all 802.11g cards are backwards-compatible, so they will associate with 802.11b access points. Therefore, both 802.11b and 802.11g cards will work, but we recommend purchasing 802.11g cards for better service in upgraded areas.

If you want to connect to NIH resources, such as documents, e-mail, file servers, etc, your must also have downloaded and installed the VPN client for your computer's operating system. The NIH SSID and WEP key entered into the wireless client software for your wireless network card.

Up to Top

What kind of wireless card do I need to be able to use the NIH wireless network?

Virtually any 802.11b or 802.11g wireless card will work, but you should make sure the card has been tested by the Wireless Ethernet Compatibility Alliance and found to be compliant with the Standard for Wireless Fidelity (Wi-Fi). Any network card bearing this logo should be compatible with the NIH wireless network. When selecting a wireless card, you should look for the following:

  • 802.11g (preferred) or 802.11b
  • 45+Mbps (g) or 11Mbps (b)
  • 2.4GHz frequency

Note: 802.11a wireless cards are not compatible with the NIH Wireless network.

Up to Top

For a meeting or short-term need, is there a way to obtain a wireless card without having to purchase one?

Yes, a supply of 802.11 wireless cards is available for checkout from the Building 10 library. A mechanism similar to checking out a book is available to obtain a wireless network card for short-term usage.

Up to Top

Where do I find the WEP Key and SSID of the access points to enter into my computer?

The WEP Keys and SSID are available by submitting a request to NIH Help Desk.

Up to Top

Where do I get the VPN client to install on my computer?

The VPN clients for various computers and devices can be downloaded from the Information Systems Designated Procurement website at the Software Distribution Project website at  http://cit.nih.gov/ServiceCatalog/iSDP.htm 

This client is only available when you are authenticated to the NIH domain. Directions for setting up and installing your VPN client are also available at this website. Your IT staff can also assist you in the installation of the NIH wireless network, first make sure you have downloaded and installed the VPN client for your computer's operating system. Instructions can be found in the corresponding Technical Note on the download page. Then start up the VPN client. Please make sure you authenticate (login) using your NIH Domain name and password.

Up to Top

Can I just download the latest VPN client from the Cisco web page?

The NIH recommends that the client be downloaded from the Software Distribution Project website  at  http://cit.nih.gov/ServiceCatalog/iSDP.htm 

If the user chooses the wrong client or installation method, it can cause problems when getting future updates. The NIH version of the client is preconfigured for the NIH environment and will save the user the unnecessary steps of additional configuration. The NIH-specific VPN installation package includes the necessary VPN configurations to be able to access the Wireless and Remote Access VPN services.

Up to Top

Where do I find the Cisco, Avaya and Enterasys wireless card client?

NIH provides client software for the Cisco 350, Avaya Platinum, and Enterasys wireless adapters. Once you have downloaded and installed this software you must configure it with the NIH WEP Key and SSID.

Up to Top

Can I use my handheld device on the NIH Wireless Network?

Yes and No. Unfortunately the Cisco VPN client is not supported for all handheld devices on the NIH wireless network at this time. Although NIH is researching possible technologies for use with most handheld devices and the NIH Wireless network, not all devices will work. Your handheld device must support 128-bit WEP encryption. NIH supports some devices, which have VPN clients that are compatible with our VPN solution. The NIH will update the list of these clients and keep http://wireless.nih.gov updated with the most recent information.

Up to Top

Why do I have to use the Cisco VPN client to access the wireless network to connect to NIH resources?

Wireless networks are inherently insecure due to weakness in the existing wireless encryption standards. Anyone with a wireless card could access a wireless network and thus could access any data that is being sent (including your password!). In order to create an encrypted and secure wireless network, NIH requires the use of the Cisco Virtual Private Network (VPN) client. This VPN client ensures that those using the network are affiliated with the NIH. All users must authenticate to one of the trusted NIH domains. When authentication is successful, users are given a secure tunnel through which data can travel in an encrypted form. You may use an alternative VPN client assuming it can support an AES-256 encrypted tunnel. Note: To ensure that all Internet traffic is secure, NIH recommends you always use encrypted protocols such as SSH, SFTP, SCP, and SSL, HTTPS.

Up to Top

I have a wireless network at home. Do I need to reconfigure my wireless card to use NIH wireless? Or if I bring my computer from work to work at home, do I have to reconfigure my wireless card to work on my home system?

To use your computer from home at work you will have to add the SSID and WEP key for the NIH wireless LAN to your wireless card software. To access the NIH wireless services your card will need to support 128-bit WEP encryption. It is possible that your card may not work on the NIH wireless LAN. If you need to access protected resources such as e-mail or file servers, you must also run the NIH VPN client.

To access your home wireless network using your NIH wireless card/computer you will need to add the SSID and the WEP/WPA key of your access point into a new profile that you must configure for your home system. You should not have to reconfigure your wireless card. However, if your wireless card is configured for static IP, then you will have to change the settings so that your wireless card accepts DHCP automatically. After changing this setting, the only additional step is that you must use the Cisco VPN client when using the NIH wireless network. If your wireless card is 802.11a, it may not work at all on the NIH wireless network (the exception is "dual band wireless cards").

Also, if you use a different VPN client on a wireless network outside of NIH, you should be aware that it may conflict with the Cisco VPN client. Whenever similar programs are installed on the same machine, there is always the possibility that they may interfere with each other even if only one is running at any given time.

You should also be aware that your wireless network at home is not secured unless you are using the VPN client to encrypt and “tunnel” your traffic back to the NIH. If you simply connect to your network at home, other wireless network devices nearby may easily intercept the data that you transmit. It is essential that you not transmit any sensitive NIH data without using the VPN client. At a minimum, home systems should be configured for 128-bit WEP and to NOT broadcast the SSID of your access point.

Up to Top

To use wireless, do I have to register my wireless card with NIH?

No, you do not need to register your wireless card with NIH or provide the wireless card’s MAC address. At the present time NIH only requires that all access points be registered with NIH.

Up to Top

Does NIH Wireless support WPA, WPA2 or 802.11i?

As of August 2005, we are not presently supporting WPA, "WPA2" or similar 802.11i standards. We intend to "leap frog" to 802.11i standards once the vendor solutions have matured to meet our needs. In the mean time, we continue to meet 802.11i-equivalent security standards through the use of our FIPS-197-compliant VPN solution.

Up to Top

Does NIH support 802.11g?

Yes. After mid-year FY2004, all new NIH Wireless locations were outfitted with backwards-compatible 802.11g access points. These APs support both 802.11g and the older 802.11b standard. Continuing in FY2005, locations will be upgraded from 802.11b to 802.11g based on need and utilization. We recommend that all new wireless purchases meet the 802.11g standard in order to provide the best service for all customers.

Up to Top

What configuration changes will need to be made by users who already have VPN configured for use with home DSL?

An additional profile will need to be added to the existing VPN client to access the NIH Remote Access VPN concentrators. These are different from the wireless VPN servers used within NIH. If you are accessing NIH remotely over the Internet, even if you have a home wireless network, you will need a Remove Access VPN account. A NIH Remote Access VPN account can be obtained by having your IC account sponsor submit a request for an account via the Web Sponsor process.

Up to Top


Apple-Macintosh Specific Questions

Will AppleTalk be supported?

No.

Up to Top

Will all the wireless Macintosh computers need to be upgraded to Mac OS X?

No, there is a VPN client from a 3rd party (Netlock) that runs on Mac OS 8 and 9. See the NIH Remote Access web site for information.

Up to Top


Common Troubleshooting Questions

The VPN client is installed, but it never gets to the point where I type in my user name and password. What is wrong?

The VPN client should be configured to 'Launch at Startup'; until the VPN session is established, Microsoft Windows will not be able to connect to network resources. Open the VPN Dialer application, and click on the Options toolbar. Select "Windows Logon Properties..." and then check "Enable start before logon". The next time you initiate the logon sequence (Ctrl-Alt-Del) it will bring up the VPN dialer logon box.

Up to Top

I have a wireless card and am getting a signal. Why can't I access my e-mail and other files that I usually can use on the wired network?

In order to use the NIH wireless network and get to your full NIH IT resources, you must have the Cisco Virtual Private Network (VPN) client installed on your computer. This VPN client software is available for download from this website, along with instructions for setting it up. The use of this client is required to ensure that all data sent over the network is encrypted and secure.

I am running Windows XP Home Edition and do not see any option to “Enable start before login.”

Running the VPN client software on Windows XP Home Edition is a known problem. At this time Home Edition is not supported, users should upgrade to Windows XP Professional.

Up to Top

Note: To ensure that all Internet traffic is secure, the NIH recommends that you always use encrypted protocols such as SSH, SFTP, SCP, SSL, and HTTPS. The NIH strongly recommends that all GUEST users on the wireless network use a VPN client to transmit information back and forth to their home systems. All information on this network may be intercepted, recorded, read, copied, and disclosed by and to authorized personnel for official purposes, including criminal investigations. Such information includes sensitive data encrypted to comply with confidentiality and privacy requirements. Access or use of this network by any person, whether authorized or unauthorized, constitutes consent to these terms. There is no right of privacy on this network. Additional information for Wireless Guest Service

Up to Top

Up to Top

This page last reviewed: November 09, 2011