After my laptop is connected to CUHK(SZ), do I need to authenticate again?
CUHK(SZ) adopts WEB+MAC address priority authentication. WEB authentication is required only for the first connection to the network and after changing the CUHK(SZ) account password; no WEB authentication is required for the next 180 days of internet use.
When using a wired network, the lower right corner of the computer shows “Network is not connected”, as shown in the figure below. How to deal with it?
Check if the network card interface light is normal: If the interface light is abnormal, you can switch to another terminal for testing to rule out the problem of the terminal network card. If both the network card and the interface light are normal: please refer to the figure below to check if the IP address and DNS server are normal.
When using a wireless network, the wireless network shows it cannot connect or has no Internet, as shown in the figure below. What should I do?
Determine if it is an AP failure or if a single AP has too many connected terminals. If many surrounding terminals cannot connect, and the AP light is not on or flashing quickly, it is generally an AP failure. If a single AP has too many connected terminals: switch to another AP or try connecting again later. If the AP shows normal or other users can connect normally: it may be necessary to re-authenticate through WEB.
Please click here for the WEB authentication page URL.
If the WEB authentication page cannot be opened, please check if the IP address and DNS are automatically obtained and properly allocated. The university wireless network IPv4 address starts with 10.30. If you cannot obtain IP and DNS, please try to get an IP at another location or wireless AP to exclude the possibility of a terminal failure.
The network connection is normal, but the internet speed is too slow. What should I do?
First, perform a speed test. If you are on campus, enter 10.10.10.10 in your browser. This method can be used to test the speed of wireless, wired, and VPN networks. For testing instructions, please refer to the figure below. If you are off-campus, please click here (this URL can also be used to test public internet speed), and select Shenzhen as the speed test node.
The maximum negotiated speed of the wireless network card can reach 400Mbps. The domestic Internet access speed for wired and wireless networks per terminal is 100Mbps downstream and 50Mbps upstream. (The above values are for reference only).
Generally, what might be the reasons for slow internet speed?
- The terminal network card model is relatively old, and you can refer to the negotiation speed of the network card.
- There are many wireless network terminals under the same AP in classrooms, canteens, and large lecture halls, and the channel occupancy rate is high.
- The signal of the dormitory network AP is easily blocked by furniture, and you can check if the AP is blocked by a cabinet or bed. Usually, the wireless signal near the window is weaker.
- Wireless network failure.
- Wired network port and line quality issues.
If both on-campus and off-campus websites are visited very slowly, what should I do?
Make sure that IP and DNS can be automatically obtained. Check if the terminal is losing packets. You can use a long Ping to the gateway to observe the packet loss and latency. If the packet loss is serious, it indicates that the access link quality is poor or the network card itself has a fault. The operation example is as follows:
If some domestic network resources are accessed slowly or cannot be accessed, but can be accessed normally with 4G, the possible reason is the limitation of the university’s export link or the need for link optimization. Please contact ITSO for timely processing.
Why can’t some network resources be accessed?
If these network resources come from overseas websites, they indeed cannot be accessed under the current national network security control. Please understand. If these resources come from on-campus websites or systems, you can use the “three checks” method to solve the problem. ① Check if DNS is automatically obtained; if not, please change it to obtain automatically. ② Check if you are connected to a VPN network outside the school; if so, please close the VPN network to access on-campus resources. ③ Check if you are using a proxy; if so, please manually turn off the proxy server, as shown in the figure below:
What is eduroam?
eduroam (education roaming) is a global cross-domain wireless roaming authentication service specially provided for research and educational institutions, which has covered universities and research institutions in 106 countries and regions. Our school has successfully joined the eduroam, and our teachers and students can connect to the eduroam wireless signal at other member institutions to access the internet for free.
Which institutions support eduroam?
For the global deployment of eduroam, please click here to view.
For the deployment of eduroam in China, please click here to view.
How to use eduroam off-campus?
Follow these three steps to easily access the internet.
(1) Search for the eduroam signal and click to connect.
(2) Enter your CUHK(SZ) account and password.
(3) Configure security items (Note: only some systems need to be configured), and click login.
| The three elements of eduroam settings | | |
|---|---|---|
| Account and Password | Student: Student No. + @cuhk.edu.cn; Faculty and staff: Full name of the CUHK(SZ) email account; Password: Corresponding CUHK(SZ) email password | 1. The account must have the suffix @cuhk.edu.cn 2. Do not add “link” to the student account |
| General security configuration | 1. EAP: Select PEAP 2. Phase 2: Select MSCHAPV2 3. Security option: WPA2-Enterprise 4. CA certificate: Do not select 5. Anonymous box: Default is not filled | Only some operating systems need to do security configurations, and most operating systems only need to enter the account password. For detailed instructions, please click here to view the guide manual. |
| Special Configurations | In Android 11 and 12 versions, please select “Use system certificate” in the CA certificate settings, and fill in “cuhk.edu.cn” in the domain name column. | The configuration interface will change slightly with the update of the operating system version of each device. |
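The settings in the table above, written as a wpa_supplicant network block and checked by a small linter; this is an added example, not ITSO's own configuration or code. Beyond the table it reports whether the profile verifies the server certificate, using the cuhk.edu.cn domain from the Android 11/12 row. The student number is the FAQ's 123456789 example, and the password and CA bundle path are placeholders.

```python
import re

REQUIRED_SUFFIX = "@cuhk.edu.cn"  # account suffix required by the table
CERT_DOMAIN = "cuhk.edu.cn"       # domain given in the Android 11/12 row

def parse_network_block(text):
    """Return key -> value for the first network={...} block."""
    block = re.search(r"network\s*=\s*\{(.*?)\}", text, re.S)
    if not block:
        raise ValueError("no network block found")
    settings = {}
    for line in block.group(1).splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def lint_eduroam(text):
    """Compare a profile with the table's settings; return a list of findings."""
    s = parse_network_block(text)
    # WPA-EAP is how wpa_supplicant names WPA2-Enterprise key management.
    expected = {"key_mgmt": "WPA-EAP", "eap": "PEAP", "phase2": "auth=MSCHAPV2"}
    findings = [f"{k} is not {v}" for k, v in expected.items()
                if s.get(k, "").upper() != v.upper()]
    identity = s.get("identity", "").lower()
    if not identity.endswith(REQUIRED_SUFFIX) or identity.startswith("@"):
        findings.append("identity does not end with @cuhk.edu.cn")
    # Added check, not in the table: is the RADIUS server certificate verified?
    if not s.get("ca_cert"):
        findings.append("server certificate not verified (no ca_cert)")
    elif s.get("domain_suffix_match", "").lower() != CERT_DOMAIN:
        findings.append("domain_suffix_match is not cuhk.edu.cn")
    return findings

# Constructed profiles; the password and the CA bundle path are placeholders.
BASE = '''network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="%s"
    password="placeholder"
%s}'''
AS_IN_TABLE = BASE % ("123456789@cuhk.edu.cn", "")
LINK_SUFFIX = BASE % ("123456789@link.cuhk.edu.cn", "")
VALIDATING = BASE % ("123456789@cuhk.edu.cn",
    '    ca_cert="/etc/ssl/certs/ca-certificates.crt"\n'
    '    domain_suffix_match="cuhk.edu.cn"\n')
```

`lint_eduroam(AS_IN_TABLE)` reports only the missing certificate check, `LINK_SUFFIX` additionally fails the account-suffix rule, and `VALIDATING` returns no findings.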
Unable to connect to eduroam off-campus?
Please follow the steps below to solve it.
First confirm if the username and password are correct. If you still can’t log in after changing the device, it is likely to be an account issue, such as a username format error, entering the wrong email password, or the password has expired.
If you still can’t connect, please provide feedback to ITSO.
If the account reason is ruled out, check if there are any abnormalities in the terminal configuration.
Other useful information:
- Test account
You can use the test website provided by Peking University to detect if there is a problem with your CUHK(SZ) account. If the account test fails, please provide the account information to ITSO.
Please click here for the test URL.
The test account must be consistent with the account used for eduroam of our university!
- Refer to the operation manual on the ITSO website to confirm that the terminal configuration is correct, and you can try to delete the wireless ID eduroam and reconnect.
The link to the ITSO website is here.
- When you confirm that both the account and the terminal settings are correct, please provide the following information to ITSO:
CUHK(SZ) account |
Name of the institution visited |
eduroam login time |
*Note, the certificate is replaced every September, and the certificate’s signature fingerprint will be updated accordingly.
What should I do if the eduroam signal is unstable after a successful connection?
In fact, each alliance unit will set up the local eduroam network environment, such as the specific coverage area, traffic limit, and validity period. The specific service provided by the visiting unit shall prevail.
Warm Reminder: Try to test if eduroam can be connected normally on campus, so we can handle it for you in a timely manner. If you have any questions, feel free to contact the ITSO service desk.
Contact Us
Hotline: 0755-84273333
Email: isupport@cuhk.edu.cn
Online service desk: https://itsm.cuhk.edu.cn (accessible only on campus)
ITSO Service Desk: First Floor of Teaching Building D (next to the property service center)
Can I test eduroam connections on campus?
Yes, our teachers and students can test the configuration and account validity by connecting to the eduroam network on campus. However, it is recommended that teachers and students prioritize using the CUHK(SZ) wireless network for daily internet access.
The account and configuration are correct, why can’t eduroam access the internet off-campus?
eduroam is a free and secure global wireless roaming service, and its network connectivity and stability are affected by many complex factors, such as the stability of the server and network of the visited school, the infrastructure of the education network, the eduroam settings of the visiting institution, and whether the communication with the upper-level nodes is normal.
Connection steps:
- Select “eduroam” from the Wi-Fi and click to connect.
- Log in with your CUHK(SZ) account: the username is your student number @cuhk.edu.cn, and the password is the same as your university email password.
- Select “connect”.
*Please note:
- Our staff and students can also use eduroam to access the internet on campus, but they cannot access the intranet;
- Students’ usernames are their student ID followed by @cuhk.edu.cn, not @link.cuhk.edu.cn. For example, if a student’s ID is 123456789, then their username would be: 123456789@cuhk.edu.cn.
What is the scope of eduroam usage?
How do we determine if an institution is part of the eduroam alliance? It’s simple! We can check it ourselves through the following two methods:
- Please click here to log in and click on the eduroam member list to view. Manual input for searching is faster.
- Search for the “Education Network eduroam” WeChat mini-program or scan the mini-program code below. After authorizing location information, the nearby eduroam nodes will be displayed based on the location, making it clear whether there are alliance institutions!
Currently, eduroam has covered over 6000 scientific research institutions and educational institutions in more than 100 countries and regions worldwide, and the number of eduroam roaming allies is continuously growing.
Frequently Asked Questions about VPN
1. Make sure the software version is upgraded to the latest 4.8.
Open the AnyConnect client, click on the red box in the image below, and check for the AnyConnect software version.
2. In the AnyConnect client, enter the domain name vpn.cuhk.edu.cn.
3. Ensure that the client can correctly resolve the domain name vpn.cuhk.edu.cn and that the network connection to the server is normal.
Open the system command line, as shown in the image below: Enter nslookup vpn.cuhk.edu.cn. The intramural resolution address is 10.20.220.176, as shown in the red box, and the extramural address is 116.31.95.20. Obtaining the resolved IP address indicates that the DNS configuration is normal; entering ping 116.31.95.20 and getting a normal response indicates that the network connection is normal.
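The resolution check in step 3, as an added example that is not part of the original FAQ: it reads nslookup output and reports whether the answer is one of the two addresses stated above, missing, or something else. The sample outputs are constructed, and the resolver name and the 192.0.2.53 and 203.0.113.7 addresses are documentation placeholders.

```python
import re

VPN_HOST = "vpn.cuhk.edu.cn"
# Addresses the FAQ gives for the intramural and extramural answers.
EXPECTED = {"10.20.220.176": "on-campus", "116.31.95.20": "off-campus"}
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def answers(nslookup_output, host=VPN_HOST):
    """Addresses listed under 'Name: <host>', skipping the resolver's own."""
    found, in_answer = [], False
    for line in nslookup_output.splitlines():
        label, _, rest = line.strip().partition(":")
        label = label.lower()
        if label == "name":
            in_answer = rest.strip().rstrip(".").lower() == host
        elif in_answer and label in ("address", "addresses"):
            found += IPV4.findall(rest)
    return found

def classify(nslookup_output):
    """Map nslookup output to on-campus / off-campus / no-answer / unexpected."""
    found = answers(nslookup_output)
    if not found:
        return "no-answer"  # no IP address returned: check DNS settings or proxy
    odd = [ip for ip in found if ip not in EXPECTED]
    if odd:
        return "unexpected:" + ",".join(odd)  # neither documented address
    return EXPECTED[found[0]]

# Constructed outputs in the layout nslookup prints (resolver first, then answer).
RESOLVER = "Server:  resolver.example\nAddress:  192.0.2.53\n\n"
OFF_CAMPUS = (RESOLVER + "Non-authoritative answer:\n"
              "Name:    vpn.cuhk.edu.cn\nAddress:  116.31.95.20\n")
ON_CAMPUS = RESOLVER + "Name:    vpn.cuhk.edu.cn\nAddress:  10.20.220.176\n"
FAILED = (RESOLVER +
          "*** resolver.example can't find vpn.cuhk.edu.cn: Non-existent domain\n")
REDIRECTED = RESOLVER + "Name:    vpn.cuhk.edu.cn\nAddress:  203.0.113.7\n"

if __name__ == "__main__":
    for name in ("ON_CAMPUS", "OFF_CAMPUS", "FAILED", "REDIRECTED"):
        print(name, "->", classify(globals()[name]))
```

An `unexpected` result means the name resolved to an address the FAQ does not list, which is worth confirming with ITSO before connecting.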
How do you connect to VPN when the domain name cannot be resolved normally?
If there is no IP address when using nslookup vpn.cuhk.edu.cn in the third step, it indicates that the client’s DNS settings are incorrect or there is another proxy.
Method 1: Adjust the DNS or turn off the proxy;
Method 2: Access VPN using the IP address (not recommended). As shown in the image below: Uncheck “Block connections to untrusted servers”. Enter https://116.31.95.20:443 (outside campus) or https://10.20.220.176:443 (on campus).
Can I use vpnhk.cuhk.edu.cn to connect to VPN outside mainland China?
Outside mainland China, if the VPN connection is slow, you can use vpnhk.cuhk.edu.cn to speed up the VPN connection.
After a successful AnyConnect connection, why can’t I access the internet normally?
If you cannot open web pages or access the internet after logging in with the domain name vpn.cuhk.edu.cn or IP address, please first check if the VPN-assigned intranet IP address is correct. If you can obtain the IP address normally, it indicates that AnyConnect has successfully logged in and established a VPN tunnel. If you cannot obtain the intranet IP address, it indicates that the VPN tunnel was not successfully established; please contact ITSO for assistance.
On the premise of obtaining the intranet IP, if you still cannot access web pages normally, you can enter 10.10.9.31 in the browser. If it opens normally, it indicates that the network layer is connected; please check if there are other proxies or VPNs on the terminal and turn them off.
VPN speed is greatly affected by the public network speed. You can test the intranet speed by entering 10.10.10.10. Please click here to test the intranet speed. Due to public network and export bandwidth limitations, upload and download speeds are usually around 20Mbit/s.
Does AnyConnect support multiple account logins?
Only one account is allowed to log in to the current operating system during VPN connection. If multiple accounts are logged into the operating system, the VPN connection will be interrupted.
You may receive an error message like:
"AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established."
What to do if the Windows system reports an error “the VPN service is not available, Exiting”?
When the Windows system encounters the error “the VPN service is not available, Exiting,” you can refer to the following link for operations, or manually stop the service and then restart it as shown in the image below.
How to uninstall AnyConnect?
- Mac OS Uninstallation:
Please refer to the following link:
http://kb.mit.edu/confluence/display/mitcontrib/Cisco+Anyconnect+Manual+uninstall+Mac+OS
If the uninstallation is incomplete, you might consider:
- For Windows 10
Please click here to refer.
- For Ubuntu
Please click here to refer.
After faculty connect to VPN, why can’t they use library resources?
When faculty and staff need to access library electronic resources off-campus, they can log in to the VPN client (Cisco AnyConnect) using their CUHK(SZ) account, and the server address should be changed to vpn.cuhk.edu.cn/lib. When accessing more overseas academic websites, use the CUHK(SZ) account to log in to the VPN client, and the server address remains vpn.cuhk.edu.cn.
After faculty connect to VPN, why can’t they access domestic web pages or WeChat?
When users need to use WeChat or QQ communication tools while accessing VPN off-campus, it is recommended to use the server address vpn.cuhk.edu.cn/lib.
Cisco Secure Client (including AnyConnect) Secure Mobility Client Release
Please click here for the Secure Mobility Client Release.