Personal tools
University Computing Service

Wireless networking

Configuring eduroam - Windows 7

These instructions are for configuring wireless access to eduroam on Windows 7 using the built-in wireless networking configuration utility.

Configuration Steps

Make sure that you have your credentials (eduroam identifier and Network access token (username and password)) from the UCS Tokens service.

NOTE: Before you begin the steps below, you must be connected to the network fully (on Lapwing/Raven or an office or home connection) and browse to the UCS Tokens service page using Internet Explorer 6 or above (if you use a third-party browser such as Firefox or Google Chrome, this will not work). This causes your browser your to automatically retrieve some information required in the certificate authority step below.

  1. Go to Start, then Control Panel, then Network and Internet, then Network and Sharing Center
  2. From the list of tasks select Setup a new connection or network.
    Network status and tasks
  3. When asked to choose a new connection option select Manually connect to a wireless network
    Manual setup
  4. You will then be asked for information about the wireless network.
    Wireless Network Connection information box
    • In the Network name box, type eduroam (note the lower-case 'e').
    • From the drop-down lists:
      • For Security type choose WPA2-Enterprise (or WPA-Enterprise if your wireless card doesn't support WPA2)
      • For Encryption type choose AES (or TKIP if your wireless card doesn't support AES)
    Select Next. You should now be told that eduroam has been successfully added. Select Change connection settings.
    Changing connection settings
    This will bring up the network wireless connection properties.
  5. On the Connection tab uncheck Connect to a more preferred network if available The result should look like:-
    Untick preferred network
  6. Select the Security tab.
    Security tab settings
    • From the drop-down list for Choose a network authentication method choose Protected EAP (PEAP)
    • Select Settings…
  7. Complete the settings in this dialogue box as shown:
    Protected EAP (PEAP) Properties dialogue box AddTrust
    • Make sure Validate server certificate is ticked.
    • Tick Connect to these servers, making the text field below available…
    • …in this box, enter network.tokens.csx.cam.ac.uk.
    • From the list of Trusted Root Certification Authorities find AddTrust External CA Root and tick the box next to it; If AddTrust External CA Root is not in the list of Trusted Root Certification Authorities then see the step at the top of this page
    • Tick the box next to Do not prompt user to authorize new servers or trusted certification authorities
    • Tick the box for Enable Identity Privacy.
  8. The drop-down list under Select Authentication Method should already have Secured password (EAP-MSCHAP v2) selected - select the Configure… button next to it to open the EAP MSCHAPv2 Properties dialogue box:
    EAP MSCHAPv2 Properties
  9. Untick the box next to Automatically use my Windows logon name and password (and domain if any) then select OK, then select OK to close the Protected EAP Properties dialogue box
  10. Now, from the Security tab select Advanced settings
    user authentication setting required
  11. Check that you have the 802.1X settings tab and, from the pull-down menu select User authentication then select OK
  12. Now Select the 802.11 settings tab. Check that Enable Pairwise Master Key (PMK) caching is not ticked.
  13. Select OK to close all the various dialogue boxes
  14. Select Close to close the "Manually connect to a wireless network" box.
  15. After a short period of time, your computer should detect the eduroam wireless network and display a balloon, telling you Additional information is needed to connect eduroam.
    Additional details required balloon
  16. Click in the balloon and a dialogue box will appear, prompting you for your credentials.
  17. Complete the dialogue box using the Network Authentication credentials given on the UCS Tokens service:
    Credentials
    • Your User name will be the eduroam identifier shown (typically your CRSid followed by @cam.ac.uk).
    • Your Password will be the Network access token shown.
  18. Select OK.

If you get an error saying that authentication has failed, double-check the above steps. In particular check that you have typed network.tokens.csx.cam.ac.uk and not network-tokens.csx.cam.ac.uk (i.e. a full stop not a hyphen). If you are still unable to connect contact the Help Desk for assistance.

All the settings you have made are stored in your computer and should not need re-entering each time you connect.

Last updated: December 2011