North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: who offers cheap (personal) 1U colo?
Thus spake "Vivien M." <[email protected]> > Actually, you're forgetting what I think is the biggest reason for doing > this: before the user registers via the web-based DHCP thing, they > are shown the AUP and have to say they agree to it. If you just leave > straight IP connections available in rooms, and people violate the AUP, > they can QUITE credibly argue "But I never read this AUP". The > web-based DHCP registration system prevents that. Students have an existing legal relationship with the school; they can be required to accept the AUP in writing at some point during the enrollment process. > Other advantages would be > A) It prevents students (or at least, all but the most clueful) from taking > multiple IPs and having hubs and such in their rooms There's nothing inherently wrong with that. > B) It makes it very easy to track what MAC address/IP address is which > person, as you yourself admitted. Sure, this system requires a bit of effort > to set up initially (though I think open source implementations are easily > available), but afterwards, you don't need to have your most clueful network > engineer dig through to try and figure out which room is what IP. If you > lower the clue level required to operate an abuse desk, I would argue you > improve its efficiency in many cases... Tracking an IP address to a particular switch port via ARP and bridging tables is straightforward; however this relies on detailed cabling plant data. > C) It avoids issues of changing ports. Let's say I'm in room 101, and my > friend Bob is in room 102. I take my laptop to Bob's room and plug it > into the network and go and do something dumb... If you hunt down my > MAC address to a particular port, it looks like Bob is the AUP violator. > If you have a registration system, you know that this MAC address > belongs to me, not Bob. Or, if you use 802.1x, you can skip the MAC registration and identify the user directly each time he logs in. > Oh, and what about wireless networks? I have my nice 802.11b card, > how do you propose to track that without MAC registration (or hackish > VPN systems, which are also deployed in some campuses)? 802.1x S Stephen Sprunk "Stupid people surround themselves with smart CCIE #3723 people. Smart people surround themselves with K5SSS smart people who disagree with them." --Aaron Sorkin
|