1. BCMike's Avatar
    Daughter's a freshman at GWU. She uses a Verizon 9930, OS7.1.0.580 that she can't get to connect to the University wifi. They run 802.1x wifi using an EAP-TTLS authentication protocol. On their FAQ page they state: "12. Will my BlackBerry work on GW1X? We have not yet been able to get any test RIM Blackberry devices working securely on the GW network. Blackberries can only support some forms 802.1x and not others. Unfortunately RIM does not currently support the authentication type used by the GW1X system. Division of IT staff continue to work with our support partners to bring a viable option secure option to BlackBerry users.". I'm hoping someone might be able to help explain what this means, what the limitations/incompatibilities are and hopefully what a solution might be. I see EAP-TTLS as an enterprise subtype for BB devices. Does a solution exist for BIS devices?

    Their instructions for Android users is:
    From wireless settings (settings-->wireless&networks-->Wi-Fi Settings)
    Select GW1X from the list of available networks. It will say: GW1X Secured with 802.1x EAP
    You will then be presented with a menu 'Connect to GW1X'
    Use these settings:
    • EAP Method: TTLS
    • Phase 2 authentication: PAP
    • CA Certificate: (leave as N/A)
    • Client Certificate: (leave as N/A)
    • Identity: <GW NetID>
    • Anonymous identity: (leave blank)
    •Wireless password: <NetID password>
    08-26-12 07:55 PM
  2. iamq's Avatar
    If it is just EAP-TTLS then it should work. I use EAP-PEAP at all my sites all linked into a radius machine to deal with user accounts.

    Ask her to delete the network from the list of saved ones and re-add it by hand. She may need to set the inner tunnel settings or have a play about - but I can't see why it wouldnt work...
    08-28-12 12:00 PM
  3. BCMike's Avatar
    A fellow on the BB support forums replied to me focusing on an issue with the PAP "inner authentication method". As far as he knows there is no solution yet. Basically the BBs don't support the PAP authentication even when under the EAP-TTLS outter. He explained it as "The inner one is not secure, cause security holes have been proven. BB thinks that the security of the outer tunnel is not enough and therefore does not support any conenction with that insecure method "PAP".".

    This protocol is used by universities world wide. BB seems bound and determined to alienate these students and the rest of the "consumer" market. They need to make provisions for the BIS world while maintaining the security profile for the BES world. They are losing a large youth demographic and will never get them back.
    Last edited by BCMike; 08-29-12 at 12:33 PM.
    08-28-12 02:12 PM
  4. iamq's Avatar
    I see your problem now - inner settings only gives MSCHAP. I ran into problems with my old nokia not wanting to talk to some secure networks, this was something along the same line.

    This just reminds me that RIM won't let me/you/anyone setup a VPN connection from there device to an endpoint that not on the list already. (All Cisco, checkpoint etc - no simple PPTP or L2PT/IPSEC stuff) which is also a big big pain the rear.
    08-29-12 05:33 AM
LINK TO POST COPIED TO CLIPBOARD