Multiple connections via one Ethernet port, connection issue

[rav007]

Hello

I have searched far and wide but I could not find anything anywhere on this so I think this may be thread-worthy. I am currently in France at a University on exchange with a friend of mine (we are from the UK) and I have come across something I have never seen before nor do I know how to resolve.

The ethernet ports across the entire campus including the halls all host multiple networks via one port. I connect to the port and I get one connection, and my friend connects to get a second connection through the same port, and a third person connected via the same port to get yet another connection. I think there may be 4 connections being hosted through this in total.

Now, the university have 3 main streams of internet: 1 for Staff/postgrad, 1 for students, 1 for exchange students. The fourth connection type is intranet with only access to a portal. The purpose of the portal is to submit your mac address for wireless and ethernet to be assigned an IP address for both.

The issue we are having is my friend needs to connect to the exchange students connection for actual internet access, but the ethernet cable will only connect her to the portal (all her details have been submitted) and I have no idea how to resolve this. I have cycled through every window in the networking control panel and usually issues like this I can resolve within a couple of hours but I have absolutely no idea how to identify other networks that are available through ethernet.

Can anybody help? She needs the connection set up asap because she needs access to the local servers for her research.

Thanks
Ravi

 

[bill001g]

There are a couple of ways they could accomplish what they are doing. Basically you are being assigned to a vlan based on who you are.
If they are really stupid you change the mac address on the PC to match a allowed one.

I suspect they are using 802.1x. Basically how this works is your PC exchanges special messages called EAPOL that is used to authenticate you machine. The switch then sends this information to a radius server which in turn sends message to the switch telling what vlan and what types of traffic to allow. If you are not authorized the common thing to do is put you on a vlan that has very limited authority and can be as in your case be used to request access.

If this is done correctly 802.1x is almost impossible to defeat or bypass. You could use ICS on authorized machine but this is the same as giving her your machine and logging in for her.

 

[rav007]

Ahh, I see. Is there a way to force an IP through to the server for authentication? We know the IP addresses we have been assigned, I am not sure of the command in cmd but I thought it could be worth a try to ask for secure connection through an IP?

Also on a side note, something else I have had difficulty with is setting up wireless access points. I am using windows 8 pro 64bit, and I have tried to use my wifi adapter to share my ethernet connection by right clicking the wifi adapter and then in properties > sharing, enabling internet sharing with the ethernet connection. The other route I tried is through command line using the netsh wlan hostednetwork calls, allowing hosting and assigning an SSID and key, followed by the start command. I have also tried connectify and some other software but I hate installing software for that kind of thing if my system can do it through command line.

Both of these yield the same results - limited connectivity in the local area connection. When I run a windows diagnostic on the local area connection it gives me a DHCP error, about it being disabled. It seems as though when I turn on wireless access points, the IP and DNS are assigned specific values, where they need to remain auto. When I try to manually configure auto, the wireless access point stops host, and when I allow windows to apply the DHCP enable fix with admin rights, the wireless access point stops host.

The network I am using is called eduroam, it seems to be a common network for universities who are part of the eduroam project and my authentication to the network is through a radius server from my home university, I checked the wireless connection properties. Could there be a workaround for this? I have been assigned an IPv4 and IPv6 IP, I considered that perhaps the IPv6 is interfering (I dont know why it would, but its just new to me) so I disabled the IPv6 connectivity. I dont think the server supports it anyway as the connection properties only show me as connected through IPv4 not IPv6, but nevertheless, I have still not managed to set up an access point and I am still lost on this.

 

[bill001g]

Reading the faq this system IS using 802.1x. ICS is a pain in the butt to configure even when you are not trying to share a secure connection. I have always just followed the step by step instructions at microsoft and it mostly works.

Since this is 802.1x this is not even related to the IP addresses. This is even below the mac address level. The port only accepts 802.1x messages until you are authenticated. You traffic is going from your PC to the port on the switch it does not pass beyond that port. This is why it cannot be bypassed.

To make ICS work you would have to log your machine into the system using your userid and password. This is many time invisible to you with 802.1x since it is using either certificates that were placed on your machine or it is using cached AD credentials. After you are fully on you could then share your connection with the other nic on your machine. Although this is considered a exploit of 802.1x it mostly isn't. It is the same as if you gave someone your id and password and let them log their machine on with it. Since you can lose your access for others actions I would never use ICS to allow someone else access. If it was just a way to get you iphone on the network then ok.