1. Centrally Managed WiFi

Since the demand for WiFi access in dorms is constantly increasing and misconfigured private WLAN routers keep disrupting the network (e.g. by also being configured as DHCP servers in the upstream), many dorm operators, together with the ZID of TU Graz, have decided to set up an enterprise WLAN via RADIUS with WPA2 and IEEE 802.1X, using central user management.

Until a changeover to IPv6, a maximum of 3 IP addresses per user is assigned from the IPv4 address space. The WLAN is limited to 20 Mb/s per IP address.

1.1 Hardware Interface
WLAN APs are installed in the participating dorms (last column), which connect to a central WLAN controller and provide WLAN almost everywhere, depending on the dorm.

The central WLAN controller was still financed by the Graz universities and universities of applied sciences (the main funders of VCG until 2016). The access points and their installation have to be paid for by the dorms; in total (measurement, purchase, installation and provision of PoE ports), an average of about 1,000 euros per access point can be expected.

Whether a dorm participates and whether the WLAN is then offered (largely) dorm-wide or only in certain areas is up to the respective dorm operator.

1.2 Registration
The login is done with the usual access data of VCG with the following authentication settings:
  • SSID: VCGraz
  • Network authentication: WPA2 Enterprise
  • Data encryption: AES
  • EAP type: Protected EAP (PEAP)
  • Authentication method: EAP-MSCHAPv2
  • Domain:

Configuration Notes:

  • Android
    1. Download the AAA Certificate Services Root certificate.
    2. Open the file on the phone and select Wifi as the Certificate store.
    3. The imported certificate should now be available for selection when connecting.
    Android 9+
    If you have already created a profile for VCG, remove it, then connect with the SSID "VCGraz". Select PEAP, search for the certificate and set MSCHAPv2 under "advanced → phase2 authentication" and go to "SAVE". Enter your account data and tap on "connect".
  • Other operating systems
    Should work "out of the box". However, never enable the "Share network with contacts" option for VCG under any circumstances, otherwise your VCG password will be sent to your contacts!

    On iOS (iPhone, iPad), please check that HTTP-PROXY is set to "Off" in Settings → WLAN → eduroam → (i), and on your notebook (Mac OS, OSX) that Automatic Proxy Discovery is disabled in the WLAN settings under → Settings … → Network → WLAN → More Options … Proxies.

Please also check the fingerprint of the authentication server when establishing a connection: A0 0D 65 89 FB 09 89 6E B0 A0 0C 94 77 14 B9 43 5D C9 36 CE
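
To compare the fingerprint above with a certificate exported from the connection dialog, the following added example (not part of the original page or VCG's own tooling) normalises the different display formats and hashes the certificate. It assumes the 20-byte value is a SHA-1 hash of the DER-encoded certificate; the sample bytes are constructed stand-ins, not the real server certificate.

```python
import base64
import hashlib
import hmac
import re

# Fingerprint published on this page for the authentication server.
PAGE_FINGERPRINT = "A0 0D 65 89 FB 09 89 6E B0 A0 0C 94 77 14 B9 43 5D C9 36 CE"

_PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def normalise_fingerprint(text):
    """Reduce 'A0 0D ..', 'a0:0d:..' or 'A00D..' to lowercase hex."""
    hexstr = re.sub(r"[\s:.-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hexstr):
        raise ValueError("not a 20-byte (SHA-1 sized) fingerprint")
    return hexstr


def cert_to_der(data):
    """Accept PEM or raw DER and return the DER bytes that get hashed."""
    match = _PEM_RE.search(data)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return data


def sha1_fingerprint(data):
    """Assumption: the page's value is SHA-1 over the DER encoding."""
    return hashlib.sha1(cert_to_der(data)).hexdigest()


def matches_published(data, published=PAGE_FINGERPRINT):
    """True only if the certificate hashes to the published fingerprint."""
    return hmac.compare_digest(sha1_fingerprint(data),
                               normalise_fingerprint(published))


# Constructed stand-in bytes, NOT a real certificate: enough to show that
# PEM and DER encodings of the same data give the same fingerprint.
SAMPLE_DER = b"\x30\x82\x01\x0aconstructed-sample-not-a-certificate"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("sample fingerprint:", sha1_fingerprint(SAMPLE_PEM))
    print("matches page value:", matches_published(SAMPLE_PEM))
```

A mismatch for the certificate your device is shown means the connection should not be accepted and the password should not be entered.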

1.3 Private WLANs
The operation of private WLAN hotspots in centrally covered areas is only allowed (in coordination with the dorm administration) if this WLAN (Attention: Also game consoles etc. often work as WLAN hotspots!) does not interfere with VCG WLAN!

1.4 Smart TVs
Smart TVs generally do not support WPA2 Enterprise, so these devices cannot log in directly to the VCG WLAN.
This problem can be solved by connecting a (cheap) router to the VCG network via PPPoE and then connecting the TV device to the router via cable (otherwise you will interfere with the VCG WLAN).
If this is not possible and you connect the smart TV device via WLAN router, the following applies:
  • Inform the dorm administration that you plan to operate a WLAN router.
  • Turn down the transmission power as much as possible and
  • shield the WLAN router.

2. WLANs in Areas Not Centrally Managed

If you set up a private WLAN (WLAN router at the LAN socket, WLAN-capable printer, hotspot with smartphone or notebook, game console, etc.) then you should coordinate with the residents of the neighboring rooms about the channels used so that you do not disturb each other.

3. General

If you use a WLAN router connected to the LAN socket, configure it in such a way that it assigns IP addresses via DHCP only in the private WLAN, but not in the upstream (i.e. on the line through which the router is connected to the dorm network), otherwise you may disturb the entire dorm network!

The access to this private WLAN should also be secured by WPA2, so that nobody can use your connection, because this can have legal consequences (e.g. copyright law but also criminal law) as well as consequences for your transfer volume.
Again and again we are forced by court orders to hand over user data to the police or the public prosecutor's office!
Do not forget to secure the configuration access to the WLAN router with a password and/or access lists!

The use of the SSIDs "eduroam" and "VCGraz" is not allowed. In general, an SSID should be used that makes it easy to determine who is operating this WLAN (room number, name, etc.).

In the area of centrally managed access points, either the transmission power has to be reduced in such a way that the access points do not "see" these unknown transmitters, or the radiation has to be directed/shielded in such a way that the APs of VCG are not disturbed. There are tips for this on the Internet, e.g. on the use of shoe boxes lined with aluminum.

Malfunctions that require the intervention of a service partner for repair/clarification cost EUR 150,--/hour!