ChromeOS network settings

[Robert Morley]

What are you all using to configure your network on your ChromeOS devices.  I have an aruba system, and we use 802.1x authentication.  I have set up an active directory user for my chromebooks to authenticate with, but when I log out each time, it looks like the network disconnects and then reconnects, and creates what seems to be an unnecessary delay in the next login.  I am thinking it might be easier to set up another SSID with WPA2-PSK to make it a bit less complicated.  What are you all doing?

Robert Morley
Network Supervisor
Bainbridge Island School District
(206)780-1883

[Jaymon Lefebvre]

Guest network using WPA2-PSK deployed through GAFE console.  Using Meraki cloud wireless, so the dedicated Chromebook network is the same authentication across all schools.  We have no splash page but we do have client isolation enabled.  (No one but our wireless admins and GAFE admins has access to the PSK)

Once the Chromebook is enrolled and gets the network settings from GAFE panel, its on cruise control.  The Chromebooks just connect to the network on their own, users never need to know any settings, and they are restricted to the Internet (no internal resources unless they hairpin).

It has been working like a champ so far.

Jaymon Lefebvre

--
--
You received this message because you are subscribed to the Google
Groups "Google Apps K12 Technical Forum" group.
To post to this group, send email to k12ap...@googlegroups.com
To unsubscribe from this group, send email to
k12appstech...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/k12appstech?hl=en?hl=en
 
---
You received this message because you are subscribed to the Google Groups "Google Apps K12 Technical Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to k12appstech...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[JP Connolly]

We have Aruba as well, and are using a hidden SSID with WPA-PSK and MAC address white listing. We pre-load the SSID via the control panel and enroll them using an open network; they then pull the Chromebook SSID and connect on next reboot.

--

[Robert Morley]

So I am just testing a WPA2-PSK for my chrome devices, everytime I boot though, I get this "oops, something went wrong with signing in" error.  If you wait a few seconds you can see the wireless connecting on the bottom right, then the alert goes away and you get the normal login prompt.  Is that normal?

Robert Morley
Network Supervisor
Bainbridge Island School District
(206)780-1883

[JP Connolly]

I've never seen that before, but this may be of some help:

https://code.google.com/p/chromium/issues/detail?id=179676

-JP

--
JP Connolly
Director of Technology
Saint Ann's School

129 Pierrepont St.
Brooklyn, NY 11201

718.522.1660

[Jonathan Crosby]

Rob,

We have the exact same setup and same problem with 802.1x. The settings are configured in the control panel by device yet when the user logs on the device randomly selects a wifi network (either the 802.1x one or our guest wireless network).  For the most part the machine uses the correct SSID before logon. It is after the user logon that it attempts to bounce between SSID's.  One would think the device wifi configuration would override the user wifi configuration, but in practice that doesn't seem true.

I've put a support ticket in regarding this and sent several logs over to support but really have not gotten anywhere.

For the folks who have a different wireless security mechanism in place, do you also have a guest wifi network that competes? and causes issues?

FYI - Our guest wireless network is not configured anywhere in the Chrome OS wifi settings.

Jon Crosby

Technology Operations Manager

support.westport.k12.ct.us

--

[JP Connolly]

We've never found 802.1x to work particular well with our Chromebook fleet as shared devices, but as 1:1 faculty devices it seems to work fine. 

Perhaps if you blacklist the Chromebooks from the 802.1x network and push the WPA2 SSID via the Chromebook profile, you'll have better luck? If that doesn't work, I'll bet either manually deleting all other networks and letting the profile re-add the non-802.1x one would work, or if extreme measures are needed, doing a ChromeOS restore and then pushing the correct SSID during enrollment would also probably work. 

At any rate, we've avoided 802.1x on our shared Chromebooks with our Aruba network and it's worked great. 

-JP

[Jaymon Lefebvre]

We have a wide open public guest network.  There is no authentication.  This network has client isolation, and broadcasts its SSID.  Its simply that.. wide open, with some pretty standard shaping, filtering and port restrictions.

For the Chromebooks, we publish another network, hidden SSID with PSK, and client isolation.  The SSID & PSK is pushed through GAFE admin panel.  As mentioned, following enrollment, they just boogey, no problems (aside from a weird problem upgrading from I believe ChromeOSv25 where on initial reboot, the Chromebook's ignored their config files, thus went stupid).  This appears to have resolved itself in subsequent updates.  (The kids figured out if they just switch from the Chromebook SSID, to the guest SSID, it would refresh its GAFE config, and then they were off to the races).  We do not shape this network at the wireless access point, instead allowing it to roar.  Overall shaping is handled by the primary edge device (all schools in a full fiber mesh network with a single gateway to Internet).  Basic content filtering (adult) is applied at the access point, then the Chromebooks are unfettered though they must use the same basic ports the primary edge device allows.  In our case, 80, 443, and * to all Google's public address range seemed to work just fine for us.

Both networks have band steering enabled, and we havent heard so much as a a peep about it aside from the aforementioned weirdness when upgrading ChromeOS.

I have to say, the wireless has been excellent using a very basic hidden SSID and PSK shared through GAFE admin panel.

cheers,

Jaymon