1 / 31

DirectConnect & UM’s Network Access Control

University of Montana - Missoula Adam Ormesher & Chase Maier. DirectConnect & UM’s Network Access Control. Background Information. We provide internet to about 3000 residents All ten dorms are currently wired-only connections NAT – Not enough forward facing IPs

jillian-foley
Download Presentation

DirectConnect & UM’s Network Access Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. University of Montana - Missoula Adam Ormesher & Chase Maier DirectConnect & UM’s Network Access Control

  2. Background Information • We provide internet to about 3000 residents • All ten dorms are currently wired-only connections • NAT – Not enough forward facing IPs • Outside connection managed by Central IT – Not us

  3. IP Address Pools • Each residence hall has two designated pools of IP addresses for use by clients. • “dirty pool” not registered or banned • 10.247.__.__ • “clean pool” devices which have been registered and are able to access the Internet and network resources. • 10.248.__.__

  4. Network Level Restrictions • Each switch blocks outbound DHCP Offers on all switch interfaces. • A single exception is necessary allowing our approved DHCP server to provide devices with leases. • This helps alleviate problems caused by students plugging in routers backwards which compete with our DHCP server.

  5. Network Level Restrictions

  6. Network Level Restrictions Rouge DHCP Example Student Router Student Router

  7. DCOHome - Uses • Custom web application containing: • Residence Halls Switch Port Control • Residential DHCP Backend Data Store • Student Housing Records

  8. DCOHome – Student Info • Student Personal Information • Student ID, NetID, Name, Email, Phone # • Housing Information • Dorm & Room # • The above information is updated daily from Banner for students living in our residence halls.

  9. DCOHome – Registration • Each device that is connected to the network is given a DHCP lease based on MAC Address. • Each device is assigned to an existing student. • Game consoles are manually registered by our employees.

  10. DCOHome – Ban Methods • Using the ban system we are able to: • Ban specific MAC Addresses • Ban all devices registered to a student. • Banned machines are returned to the “dirty pool.”

  11. DCOHome – Ban Reasons • Student conduct violations • DMCA violations • Network Impacting Infections • Malfunctioning hardware • Unauthorized hardware

  12. DCOWeb – Overview • DCOWeb provides the following: • DHCP Server • Web Server • DNS Server

  13. DCOWeb – DHCP Server • Developed using Java by our internal programming team. • Communicates with DCOHome using XML.

  14. DCOWeb – Web Server • Contains pages with: • Instructions to be followed to register. • Commonly downloaded files. • Windows Service Packs • .NET Installers • Antivirus & Antimalware Utilities

  15. DCOWeb– DNS Server • Computers in the “dirty pool” are assigned DCOWeb as their DNS server. • All DNS lookups sent to DCOWeb resolve to the IP of DCOWeb(10.248.242.55). What is IP for “www.google.com”? 10.248.242.55 (DCOWeb) Client In Dirty Pool DCOWeb

  16. Overview DCOWeb DCOHome Student info DHCP log Port status DHCP Server DNS Server Hosted Files Client (Student machine)

  17. DCOWeb – Mac Setup

  18. DCOWeb – Windows Setup

  19. Questions? • www.resnetsymposium.org/rspm/evaluation/

More Related