Ethernet Operational Policy: Private Networks
Communications Network Services (CNS) encourages the use of CNS installed and
managed Ethernet portals for all connections to the campus network. However,
there may be certain cases where a user may want to set up a private network
of Ethernet hosts connecting to the campus computer network via a single CNS
portal. CNS permits the connection of these local area networks (LANs) to the
campus computer network under certain conditions. Users are still responsible
for the same monthly network service fee for connecting Ethernet hosts, regardless
of whether these hosts are connected via a private LAN or directly via an Ethernet
port.
To assure proper scaling and support of private LANs and the building networks
in which they reside, private LANs of more than ten hosts must connect to the
campus network via a 10Mbps Ethernet connection or a Fast Ethernet (100Mbps)
multi-mode fiber backbone access port. Only LANs of ten or fewer hosts may be
connected to Fast Ethernet (100Mbps) portals. Stations on a connected private
LAN are still charged at the standard Ethernet rate per device, plus the cost
of the backbone access port itself. Backbone access ports may also entail installation
charges for the extended fiber circuit to the private LAN.
The operator of the private LAN assumes responsibility for maintaining and
troubleshooting the private LAN. The operator further assumes responsibility
for CNS time and material charges that accrue from the resolution of any network
troubles caused by the private LAN. CNS assistance with regard to the operation
or troubleshooting of the private LAN may result in billable time and material
charges. As the total charges depend on the particular situation, please contact
CNS Ordering and Provisioning for more specific information.
While the private network may be an inexpensive Ethernet hub, operators may
find that manageable, high-quality network devices work better with their private
LANs. Hubs that have a MAC address constitute a billable device. A non-managed,
or "dumb", hub is not a billable device.
What Qualifies as a Private Network?
A typical connection to the campus Ethernet network is a single host (e.g. computer
or network connected printer) with a single Ethernet Media Access Control (MAC)
address attached to a CNS-managed network portal via a CNS-provided Ethernet
jumper cable. A private LAN constitutes any connection to the campus network
that is either multiple individual hosts or any number of hosts with multiple
MAC addresses.
- 10Base-T hubs;
- Patch panels;
- Ethernet repeaters;
- Etherwave devices;
- Devices or cables that extend a 10Base-T connection beyond the 100 meter
maximum distance specification;
- Media converters changing the 10Base-T connection to another medium;
- Other devices enabling multiple machines to simultaneously connect to a
single 10Base-T wall jack;
- Software that emulates multiple Ethernet stations on the same physical computer.
Registration
Students may register their private LANs through CNS Student Network Services, and departments may register private LANs through their departmental liaison. When ordering the private LAN connection, operators will need to know the number of machines (hosts) to be connected and the network portal number where the LAN connects to the campus network. The portal number should be labeled on the portal faceplate. A registration fee applies for each order, and each device with a MAC address that can access the university's network will be subject to the standard monthly Ethernet connection service fee. See Student rates and Departmental rates.
Changes to the Private Network Configuration
A change to the private LAN configuration is considered a change in the total
number of MAC addresses registered for a given portal. Increasing or decreasing
the number of addresses is accomplished via the same process as for ordering
the service. As with other services, disconnection of a LAN is done without
fee. The portal, which accommodates a single MAC address, may be retained.
The MAC addresses associated with a private LAN are automatically acquired
by the network and kept in a static list by the network devices. Should the
operator wish to change this list, it can be cleared by momentarily disconnecting
the private network from the CNS portal; the current addresses will then be
reacquired by the network. The Network Operations Center can also clear
individual addresses from the network. The machines connected to a single portal
may be changed by the private LAN operator without incurring additional charges
so long as the total number of connected machines does not exceed the registered
total for a given portal.
Disclaimer
CNS reserves the right to disconnect any device from the network that negatively
impacts the performance of the campus network. For example, CNS may disconnect
the private LAN if a machine on the private LAN is misconfigured in such a way
as to cause significant disruption to the campus network. Before disconnecting
any service, CNS will attempt to notify the registered contact person
where feasible. The operator of the private LAN may be responsible for any applicable
charges associated with these matters.
The operation, maintenance, and troubleshooting of the private LAN is the sole
responsibility of the private operator. At the request of the department or
operator, CNS may assist in troubleshooting efforts. Applicable charges will
be billed for time and materials when investigating and correcting a situation.
Operators of private LANs must comply with the rules and specifications governing
the design of computer networks as described by IEEE standard 802.3. Failure
to do so will result in degraded performance on your private LAN and between
your private LAN and remote networks on campus or via the Internet. Access to
your private LAN from machines on remote networks may be similarly affected.
For more information about this, access: http://www.ieee.org/.
Wireless Routers Cause Vulnerability Without Secure Settings
The preference for mobile computing continues to grow. Even though residence hall rooms have high-speed Ethernet connections, many on-campus students still prefer a mobile, albeit somewhat slower, connection in their rooms. Reasonably priced wireless access point/router combos (referred to as a "WR" below) are readily available and comparatively easy to set up.
However, out-of-the-box settings for wireless routers are a recipe for security problems. Anyone in the vicinity who has a laptop with wireless capability (and that's likely all your fellow hall residents) can sign on to the campus network through your wireless router. If they get into trouble, your Ethernet connection is implicated!
Default WR settings are widely known, making it easy to compromise your router and any device connected to it. You must apply custom settings for your wireless access point/router to avoid being implicated in someone else's network problem. The following key points and others are addressed by the instructions that came with your WR, or they may be found on the manufacturer's web site:
- Connect your computer, preferably with an Ethernet cable, to the WR and access the settings via your browser. Most WR admin accounts can be accessed using an address such as: http://192.168.1.1.
- You should set a unique administrator password and, if your equipment allows, a unique administrator ID for your router.
- Create a unique name for your personal wireless network. The technical name is your wireless network's "SSID."
- Turn off broadcast of the SSID to avoid "advertising for unwanted business."
- Of the available encryption methods, use the most effective one your WR and laptop will accommodate. Most effective first: WPA2, WPA, WEP.
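The checklist above can be expressed as an audit over a router's settings. This is an added example, not CNS tooling: the field names, the sample factory defaults, and both sample configurations are constructed for illustration, and real defaults vary by manufacturer.

```python
# Added example: audit router settings against the checklist above.
# Field names and sample defaults are constructed, not from any real device.

# The page's ranking, most effective first.
ENCRYPTION_RANK = ["WPA2", "WPA", "WEP"]

# Constructed examples of factory defaults (assumptions for illustration).
DEFAULT_ADMIN_LOGINS = {("admin", "admin"), ("admin", "password"), ("admin", "")}
DEFAULT_SSIDS = {"default", "wireless", "linksys", "netgear"}


def best_common_encryption(router_modes, laptop_modes):
    """Return the strongest method both devices support, or None."""
    common = {m.upper() for m in router_modes} & {m.upper() for m in laptop_modes}
    for mode in ENCRYPTION_RANK:
        if mode in common:
            return mode
    return None


def audit_router(settings, laptop_modes):
    """Return a list of findings; an empty list means the checklist is met."""
    findings = []
    login = (settings.get("admin_user", ""), settings.get("admin_password", ""))
    if login in DEFAULT_ADMIN_LOGINS:
        findings.append("administrator login is still a factory default")
    if settings.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("SSID is still a factory default name")
    if settings.get("broadcast_ssid", True):
        findings.append("SSID broadcast is on")
    best = best_common_encryption(settings.get("supported_encryption", []), laptop_modes)
    current = (settings.get("encryption") or "NONE").upper()
    if best is None:
        findings.append("router and laptop share no encryption method")
    elif current != best:
        findings.append(f"encryption is {current}; strongest shared method is {best}")
    return findings


# Constructed sample: an out-of-the-box router and the same router after hardening.
OUT_OF_BOX = {"admin_user": "admin", "admin_password": "admin", "ssid": "linksys",
              "broadcast_ssid": True, "encryption": None,
              "supported_encryption": ["WEP", "WPA", "WPA2"]}
HARDENED = dict(OUT_OF_BOX, admin_user="hall-rtr-owner", admin_password="x7!Qe-long-unique",
                ssid="room-214-net", broadcast_ssid=False, encryption="WPA")

if __name__ == "__main__":
    for name, cfg in (("out-of-box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name, audit_router(cfg, ["WPA", "WEP"]))
```

The hardened sample passes with WPA only because the constructed laptop does not support WPA2; the same router paired with a WPA2-capable laptop is flagged until its encryption setting is raised.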
There are other security methods most WRs provide (e.g. registering device MAC addresses), and if you are up to it, you may want to apply them as well.
A few simple steps now can save you from considerable frustration later. Be sure you have full control of your wireless router!
Remember, on-campus residents who operate a wireless router are responsible for the operation and maintenance of the equipment and all devices connected, whether wirelessly or plugged in.