Service Summary

George Mason University provides wired and wireless network access for faculty, staff, students, and guests in every campus facility. Access to the wired network is provided by active jacks in offices, lab facilities, classrooms, student residences, and public spaces. Wired network access in physically controlled workspaces, such as offices and other limited access work areas, is open. Devices connected to an active jack are immediately placed on the network. Both wired network access in public, residence, and teaching spaces and wireless network access is controlled. Devices connecting to an active jack in a public, residence, or teaching space or connecting to any Mason wireless network must authenticate or be registered for access.

Service Offerings

Console Gaming Network

Resident Hall students who play and host console games that have problems with Network Address Translation can register their gaming consoles for special network access. Consoles can be connected to either the wired or wireless network.

The console gaming network offers public internet addresses and a more permissive firewall rule set to enable a more home-like console gaming experience in the Residence Halls. As there is an additional risk of operating on this network, use is restricted to gaming consoles.

Note: Gaming System registrations will be purged prior to each Fall Semester.

Data Jack Assessment & Activation

Mason provides access to its network and telephone service via data jacks that are located in the walls of rooms and offices in university buildings. Not all jacks are activated at all times. Prior to activation, an ITS technician will evaluate the condition of the designated network and telephone jacks to ensure that they are in proper working order.

Device Registration for Network Access

ITS recommends that students, faculty, and staff, when possible, configure their wired and wireless network devices for 802.1x authentication. Unfortunately, some consumer electronics devices, such as gaming consoles, printers, and smart TVs, are not 802.1x capable and require alternative authentication. To solve this problem, students, faculty, and staff may each register up to 5 devices for network access through a web portal at mydevices.gmu.edu.

Eduroam

Eduroam is a worldwide wireless access service, which was developed for the international research and education community. Eduroam allows students, researchers, and staff from participating institutions to obtain wireless access service (authenticated and encrypted) when visiting other participating institutions. A listing of institutions in the United States and around the world (more than 50 countries) that participate in eduroam can be found on the eduroam.org website.

Guest Network Access

Guests of university faculty, staff, and students can self-register for internet access over Mason’s Wi-Fi network. Guest accounts are active for a period of seven days from first use and are supported on three concurrently connected devices. Account information is emailed directly to guests via email with the option to also be sent via text.

The guest network allows only limited access to Mason’s network and internet resources. It allows access to web services, authenticated email services, and IPSec VPNs. The university offers the service of basic guest network access and has no guarantee of service quality.

Guests visiting from other universities that participate in the eduroam service are recommended to connect to this network using the credentials from their home institution.

Residence Hall Network

Mason’s residence halls have dedicated wired and wireless networks optimized for resident student use. Both the wired and wireless networks require authentication or device registration before network access is allowed.

Special Network Service Requests

ITS can facilitate the acquisition and operation of dedicated network infrastructure components for research and other projects that require special network service. Examples of special network services include dedicated ethernet switches and attachment to national research and education networks.This service is limited to Mason faculty, staff, and graduate research assistants.

Virtual Private Network

A Virtual Private Network or VPN is a remote access service that creates a virtual connection between an internet user and a trusted network. A VPN is used to provide an additional layer of security for remote access or to provide a virtual presence on a network.

Mason currently operates an enterprise VPN based on Cisco’s Adaptive Security Appliance (ASA). It offers both VPN functions, providing a virtual presence to the general university community and secure access for designated staff to access select administrative systems.

Wired Network

In order to use the wired network, your device must have an Ethernet interface (10/100/1000-Base-TX) and cable and must be able to connect to an active jack in your workspace. If your department or workgroup uses a special network, the active jack must also be connected to that network.

Wireless (Wi-Fi) Network

Mason's wireless (Wi-Fi) networks are designed to complement wired network services and provide convenient and secure access to network resources and the internet. ITS provides Wi-Fi network access in all academic, administrative, residential, recreational, and dining spaces across the university. For better security and the most feature-rich experience at Mason and beyond, ITS recommends everyone configure their devices for 802.1x authentication. Mason offers three Wi-Fi networks and device registration to the university community:

  • MASON-SECURE is an encrypted Wi-Fi network open to faculty, staff, and students only. This network uses 802.1x for authentication and authorization. ITS recommends that all faculty, staff, and student devices that support 802.1x be configured to join this network.
  • MASON is an unencrypted Wi-Fi network for registered devices and captive portal authentication. This network is targeted to visitors and guests but is open to the entire Mason community. Via device registration, it supports faculty, staff, and student devices that cannot use 802.1x.
  • eduroam is an encrypted Wi-Fi network open to members of the eduroam federation. This network uses 802.1x for authentication and authorization. This network is targeted to eduroam visitors and guests but is open to the entire Mason community.
  • Device Registration is available as an alternative for devices that cannot use 802.1x authentication. Faculty, staff, students may register up to five devices for network access, such as wireless printers, robotics systems, and game consoles.

Please contact the ITS Support Center to report concerns about Wi-Fi coverage or access, and ITS will engage with you to resolve the issue.

802.1x Authentication

802.1x is the recommended method for connecting to campus wireless networks because it is the simplest and most secure way to get online.

802.1x is an authentication framework for both wired and Wi-Fi network access that enables Mason’s networks to automatically identify users’ devices and place them into an appropriate network and security context. 802.1x authentication is required for access to the MASON-SECURE and eduroam wireless networks, which also enables wireless encryption.

All devices have different configuration interfaces and options, so maintaining a universal step-by-step configuration guide is impractical. Please contact your device vendor for detailed step-by-step instructions.

Settings

Some devices (Mac, iOS) will work with the network configuration without additional user configuration. If that’s the case, please skip to the Identity and Password section, below. Regardless of device type, the following parameters need to be set properly to use 802.1x on Mason’s networks.

  • Authentication Method: 802.1x
  • EAP Method: PEAP
  • Inner Authentication Method: MSCHAPV2

Digital Certificates

Mason's authentication system may present you with a certificate that you need to accept and install. If you are not sure if it is the correct certificate, please contact the ITS Support Center. For installation instructions, please refer to manufacturer instructions.

Identity and Password: NetID and Password

You will need to enter your NetID and Patriot Pass Password. Your configuration and credentials are generally stored on your device, though some devices offer the option of requiring the password each time you connect to the network. Be sure to safeguard this information by using a login or unlock mechanism on your device. Some devices have an easy modify option while others require that you “forget” the configuration and start over. Please see your device vendor’s documentation for details.