On Sun, 3 Feb 2002, Cameron Kaiser wrote:
> - all
machines legitimately using the network are known as well as
> their ethernet addresses,
> - assign all those legitimate machines an (basically fixed) IP via
> DHCP,
> - for all unregistered machines, offer them IP addresses in the
> 127.0.0.0 range as well as themself as their default router and other
> stuff to make their network connection a notwork connection
I kind of like that! No! I *REALLY* like it!
Have you tested this?
We have something like this at PLNU. Unknown MAC addresses get dropped into
a category where the network will only allow them to connect to the
registration server -- it drops packets bound elsewhere. To register for a
"fixed IP over DHCP" lease, they have to have their bills paid and their
student ID, SSN, etc., and then they get the DHCP lease for the year
wherever they go on campus. The system is now almost totally automated.
So, an unauthorised laptop connecting on campus basically doesn't work;
their packets end up in /dev/null. There are plenty of public terminals if
surfin der Veb's all they want to do.
I go to Purdue University. Remembering that we are a *state* funded
institution, I'll go through the differences we have here.
Most classrooms have PC's, and a lot of Professors/Instructors have
laptops. Next to pretty much any live network jack for the PC in the
classroom there is a live 'extra' network jack, usually with DHCP enabled
so anyone could use it (yes, ANYONE with a machine that supports DHCP).
Most labs around here are not open anywhere near 24x7, although during
the semester (excluding all university holidays when EVERYTHING is locked
up) there usually is at least one lab open.
Personally, I like the fact that if I'm giving a presentation, I can plug
my laptop into any open ethernet port without having to talk to someone...
especially considering my parents are paying about $15k/year to send me
here. 'It just makes sense' to have the people that are funding your job
have access to your services, doesn't it? (in a University setting at
least)
Currently, several of the schools are setting up 802.11b wireless networks
in their building. For engineering, you have to register your MAC address
to be able to use it, for some others, you can't use it unless you have a
real need, and for yet others (the School of Education for example), there
is no real access controls.
While I'd say I don't necessarily agree with a complete lack of access
controls, it's a good thing to let students use the network. Heck,
they're the ones paying your salary!
-- Pat