Bringing Networked Devices to CLASSE

---

Please register your personally owned devices with Cornell's Red Rover or Eduroam wireless networking services, not here. Red Rover and Eduroam are available in all three of the buildings used by CLASSE: Newman Lab, Wilson Lab and the Physical Sciences Building. Red Rover registrations for people without NetIDs are valid for only 21 days during each semester. However, you can request a Cornell GuestID which allows access for at least a year. More information about Red Rover and Eduroam is available at https://it.cornell.edu/wifi

If you have determined that Red Rover and Eduroam are not appropriate for your use and you need to use a networked device on CLASSE's internal network, please fill out the form below so we can expedite your connection. Note that you will need to provide a research justification and a WBS to charge.

The further in advance we're notified, the better prepared we can be. A week's notice would be about right [expl #2]. Some clarification about the information we need is below the form, along with an explanation of why we do this.

The form gets sent as an email message to members of the CLASSE computer group and is logged in our trouble-tracking system. The information you provide is intended strictly for the Lab's internal use. It will not be supplied to anyone else on a routine basis, although it may be necessary to disclose it in case of problems.

You'll be contacted to confirm your connection.

After submitting the form, you should receive an automated confirmation email. If you do not receive any confirmation, then your request was not submitted successfully. Please try again or email service-classe@cornell.edu directly.

---

1. What is your name? [expl #1]
   
2. Which institution are you affiliated with?
   
3. What is your email address? (Required)
   
4. What is your telephone number(s)?
   
5. What is your telephone number(s) at CLASSE?
   use central Wilson Lab number, use central Newman Lab number, don't know which,
   Use this number:
6. Are you a temporary visitor to CLASSE ?
   No, permanent or returning affiliation with the Lab
   Yes, just at the Lab for a while
   
   If you're a visitor:
   1. Will you need a computer account at CLASSE?
      Yes, No, Maybe, I already have one.
   2. What is the email address or name of your host at CLASSE? (person or research group)
      (Required for visitors)
   3. How long do you expect to be at CLASSE?
      
      
7. When will you need the network connection? [expl #2] Please specify a date, not "ASAP".
   
8. Where will you need the connection? [expl #3]
   Newman Lab, Wilson Lab, Physical Sciences Building, CHESS Module, Central Module, East Module, Don't Know, Somewhere else. (Where? )
   Room number:
9. What kind of computer will you be using? [expl #4]
   Laptop PC, Desktop PC,
   Laptop Mac, Desktop Mac,
   Other. (Type? )
10. What operating system will it be running? [NOTE: Windows 7 or earlier NOT ALLOWED on CLASSE networks]
    Windows 10
    Mac OS X
    Unix, Linux (Distribution? [note 2])
    Other. (Type? )
11. What type of connection? [expl #3]
    Wired (twisted-pair) or Wireless (802.11b)?
    What is your computer's hardware network address? (Required) [expl #5]
    
    Should this replace an existing registration? Yes No
12. If you would like to register a second network interface on the same computer, please enter it here. What type of connection?
    Wired (twisted-pair) or Wireless (802.11b)?
    What is the hardware address of your second network interface?
    
    Should this replace an existing registration? Yes No
13. What WBS should be charged for connecting this device to the CLASSE network?
    
14. What is the research purpose for using this device on the CLASSE network?
    
15. Please verify your submission by typing the word in the image below:
    

Reminder: Wireless internet access in Newman Lab, Wilson Lab and the Physical Sciences Building is provided via Cornell's Red Rover network service, documented here: http://www.it.cornell.edu/cms/services/wifi/index.cfm

[Back to Top]

---

Explanations:

• Who are you?

Please let us know who you are. Many people are only at Cornell briefly and are not known to most of the members of our computer group.

Also, please supply an email address where we can contact you.

[back to form]
• When are you coming?

Please tell us whenever you plan to come to CLASSE with a portable computer. The further in advance we're notified, the better prepared we can be. A week's notice would be about right. Prior commitments may cause a day or more of delay if you wait until you get here to let us know you need a connection.

Do not expect to be able to get a CLASSE network connection if you show up unexpectedly on Friday afternoon for a weekend meeting. We do monitor various aspects of our network hardware and know immediately when something has been connected inappropriately.

Also, please do not bother using the acronym "ASAP". People have too many different meanings for it, so we have to ignore it. Please specify a date.

Please let us know when you leave, too. Unfortunately, we only have a limited number of protected network switch ports. We probably will have to give the network switch port you'll be using to someone else in another room.

[back to form]
• Where will you be?

You can't just plug in anywhere. Your laptop will connect to CLASSE's network only if you use a wall jack that is connected to CLASSE's "LNS Protected" subnet. Many of CLASSE's wall jacks are connected to other networks and cannot work for you.

Similarly, CLASSE's wireless network only works within a few locations in CLASSE's buildings and only where Cornell's Red Rover wireless service is not available. If you want to use a wireless connection elsewhere on campus (including the Physical Sciences Building), you must register your system with the campus network services. (See http://www.it.cornell.edu/wifi/ )

In the Physical Sciences Building, if you want to use CLASSE's printers, you either must register your laptop's wired (ethernet) interface for use on the CLASSE network and use an appropriate ethernet wall jack or you must use CLASSE VPN software. Red Rover's wireless services do not provide direct access to LEPP's printers.

We need to know where you'll be located so we can activate an appropriate wall jack. Of course, with the crowded situation during the various collaboration meetings and during the summer, it may be impossible to know in advance where there'll be room for you.

Normally a member of the CLASSE computer group will have to run some cables to activate a specific network socket in your office. That socket has to be connected to a port on the ethernet switch used by the protected subnet.

[back to form]
• What kind of system will you be bringing?

This will help us plan for the kinds of resources you might need.

[back to form]
• What is your computer's ethernet address?

The "LNS Protected" subnet uses DHCP to supply a specific IP address and other network information (like gateway and nameserver addresses) to each portable client. You will need to configure your system to "Obtain IP address from DHCP server" or "Get IP address automatically".

For accountability, addresses on the "LNS Protected" network are assigned statically, not randomly. We need to know the hardware address of your network card in order to be able to assign an IP address. (The hardware address is also known as the MAC address, short for Media Access Control, not Macintosh.) This address is a 12 character hexadecimal number which looks something like 12:34:56:78:9a:bc. A member of the CLASSE computer group will assign a unique IP address to this hardware address. Sometimes we can wait until you are ready to plug in to discover your system's MAC address, but if people are busy, the assignment of your IP address might not happen right away.

Be sure to supply the address of the appropriate interface(s). If you'll be connecting using just a wireless interface, the address of your hardwired Ethernet interface won't do any good. The DHCP server supplies an IP address only when it receives a request from a hardware address which is in its database.

• Smart phones: Use Google ("mac address android" or "mac address ios") to find instructions for looking up your phone's MAC address.
• Windows:
  you can find the hardware network addresses by opening a command (or DOS) window and typing the command

  IPCONFIG /ALL | MORE
  

  The hardware ethernet address (RJ-45/Ethernet Cable connection) is displayed on the line that starts with the phrase "Ethernet adapter Ethernet". The line will look something like

   Physical Address. . . . . . . . . : 12-34-56-78-9A-BC
  

  Be sure to get the one that corresponds to the network interface you want to register. There will be a separate section in the output for each card that's plugged into your system. Most Windows 2000 and newer systems will label the wireless connection "Ethernet adapter Wireless Network Connection". An entry for an Orinoco wireless card will include lines that look something like this, for example:

  Description . . . . . . . . . . . : !ORiNOCO PC Card (5 volt)
  Physical Address. . . . . . . . . : 12-34-56-78-9A-BC
  

• Linux:
  you can find the hardware network address by opening a terminal window and typing the command

  ip addr
  

  The hardware address is displayed on the second line, starting with "link/ether". The line will look something like

  2: eno1:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
      link/ether 12:34:56:78:9a:bc brd ff:ff:ff:ff:ff:ff
  
  

  Be sure to get the address that corresponds to the network interface you want to register. "lo" is the first "adapter" which is a loopback one, you DO NOT want that one. There will be a separate section in the output for each card that's plugged into your system. Unfortunately, there's no easy way to tell which network interface is which, so you might as well register them all.

• MacOS X:
  1. Open your "System Preferences" from the "Apple" menu.
     
  2. Choose "Network" from the list of preference categories.
     
  3. Select the "Ethernet" or "Airport" interface from the pop-up menu on the TCP/IP tab: Click on the "TCP/IP" tab. Choose "Built-in Ethernet" or "Airport" from the "Configure" drop-down menu.
  4. In both cases you will see a colon separated 12 digit alphanumeric code. It will be labeled "Hardware Address" or "Ethernet Address" for your ethernet MAC address, and "Airport ID" for your 802.11b (wireless) MAC address. Those are the addresses that we need.

     Your current "IP Address", so labeled, will also be reported (eg, 192.168.1.101). That is NOT the address we need.

     Alternatively, you could open terminal and type "ifconfig". In the output look for "en0" for the RJ-45/Ethernet cable connection. It will have an entry "ether" with the MAC address. "en1" should provide the same "ether" entry for the wireless card.

[back to form]

• Why do we do this?

By using a separate firewalled subnet, we're trying to provide some minimal protection against unauthorized network intrusions. The assignment of a specific IP address to each ethernet address makes it easier for us to track down a system that might be having problems. Also, submitting the form causes it to be entered into our trouble tracking system so we can keep track of address requests.

Unfortunately, when people bring in portables, we have no way of knowing what software might be running on them.

We are particularly concerned that unintentionally they might be running some hacker's password sniffer or other network intrusion software. There are many trojan horse programs which seem to do something useful or entertaining but also install software that does something quite inappropriate.

Another problem is that there are many security defects in the various operating systems. Most people simply do not have the time to keep up with all of the necessary patches. As a result, systems which have been connected to public networks often have been compromised without their owners noticing.

The router for the "LNS Protected" network limits the kinds of accesses that can be made to the lab's internal network and also tries to protect the systems on it from the external Internet. Unfortunately, it cannot protect those systems from one another.

By allocating a specific IP address to each registered MAC address, we can more easily determine which system might have been involved in inappropriate activities.

Also, this form creates an entry in our trouble-ticket tracking system, making it less likely to be overlooked.

• Privacy Statement
  

This information is intended strictly for our internal use. It will not be supplied to anyone else on a routine basis, although it may be necessary to disclose it in case of problems.

[back to form]

---

Note on Windows 7:

Because of security vulnerabilities, Windows 7 (and earlier versions of Windows) are NOT ALLOWED on CLASSE networks. Unauthorized use of Windows 7 will disrupt network connectivity for multiple CLASSE users (not just yourself). Therefore, we will immediately disconnect any Windows 7 (or older) systems detected on CLASSE networks.

[back to form]

---

Note 2:

Unfortunately, some SuSE Linux distributions seem to include a defective DHCP client. For some reason it ignores the responses from our DHCP server. Apparently /sbin/pump as shipped with RedHat v7.1 has similar problems. (We have the most experience supporting Red Hat and Scientific Linux distributions.)

As a workaround, use dhcpcd -d instead, or install the most recent pump distribution.

[back to form]