Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: who offers cheap (personal) 1U colo?

  • From: Stephen Sprunk
  • Date: Sun Mar 14 20:53:21 2004

Thus spake "Vivien M." <vivienm@dyndns.org>
> Actually, you're forgetting what I think is the biggest reason for doing
> this: before the user registers via the web-based DHCP thing, they
> are shown the AUP and have to say they agree to it. If you just leave
> straight IP connections available in rooms, and people violate the AUP,
> they can QUITE credibly argue "But I never read this AUP". The
> web-based DHCP registration system prevents that.

Students have an existing legal relationship with the school; they can be
required to accept the AUP in writing at some point during the enrollment
process.

> Other advantages would be
> A) It prevents students (or at least, all but the most clueful) from
taking
> multiple IPs and having hubs and such in their rooms

There's nothing inherently wrong with that.

> B) It makes it very easy to track what MAC address/IP address is which
> person, as you yourself admitted. Sure, this system requires a bit of
effort
> to set up initially (though I think open source implementations are easily
> available), but afterwards, you don't need to have your most clueful
network
> engineer dig through to try and figure out which room is what IP. If you
> lower the clue level required to operate an abuse desk, I would argue you
> improve its efficiency in many cases...

Tracking an IP address to a particular switch port via ARP and bridging
tables is straightforward; however this relies on detailed cabling plant
data.

> C) It avoids issues of changing ports. Let's say I'm in room 101, and my
> friend Bob is in room 102. I take my laptop to Bob's room and plug it
> into the network and go and do something dumb... If you hunt down my
> MAC address to a particular port, it looks like Bob is the AUP violator.
> If you have a registration system, you know that this MAC address
> belongs to me, not Bob.

Or, if you use 802.1x, you can skip the MAC registration and identify the
user directly each time he logs in.

> Oh, and what about wireless networks? I have my nice 802.11b card,
> how do you propose to track that without MAC registration (or hackish
> VPN systems, which are also deployed in some campuses)?

802.1x

S

Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723           people.  Smart people surround themselves with
K5SSS         smart people who disagree with them."  --Aaron Sorkin





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.