North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: who offers cheap (personal) 1U colo?
- From: Stephen Sprunk
- Date: Sun Mar 14 20:53:21 2004
Thus spake "Vivien M." <email@example.com>
> Actually, you're forgetting what I think is the biggest reason for doing
> this: before the user registers via the web-based DHCP thing, they
> are shown the AUP and have to say they agree to it. If you just leave
> straight IP connections available in rooms, and people violate the AUP,
> they can QUITE credibly argue "But I never read this AUP". The
> web-based DHCP registration system prevents that.
Students have an existing legal relationship with the school; they can be
required to accept the AUP in writing at some point during the enrollment
> Other advantages would be
> A) It prevents students (or at least, all but the most clueful) from
> multiple IPs and having hubs and such in their rooms
There's nothing inherently wrong with that.
> B) It makes it very easy to track what MAC address/IP address is which
> person, as you yourself admitted. Sure, this system requires a bit of
> to set up initially (though I think open source implementations are easily
> available), but afterwards, you don't need to have your most clueful
> engineer dig through to try and figure out which room is what IP. If you
> lower the clue level required to operate an abuse desk, I would argue you
> improve its efficiency in many cases...
Tracking an IP address to a particular switch port via ARP and bridging
tables is straightforward; however this relies on detailed cabling plant
> C) It avoids issues of changing ports. Let's say I'm in room 101, and my
> friend Bob is in room 102. I take my laptop to Bob's room and plug it
> into the network and go and do something dumb... If you hunt down my
> MAC address to a particular port, it looks like Bob is the AUP violator.
> If you have a registration system, you know that this MAC address
> belongs to me, not Bob.
Or, if you use 802.1x, you can skip the MAC registration and identify the
user directly each time he logs in.
> Oh, and what about wireless networks? I have my nice 802.11b card,
> how do you propose to track that without MAC registration (or hackish
> VPN systems, which are also deployed in some campuses)?
Stephen Sprunk "Stupid people surround themselves with smart
CCIE #3723 people. Smart people surround themselves with
K5SSS smart people who disagree with them." --Aaron Sorkin