Please register your personally owned devices with Cornell's Red Rover or Eduroam wireless networking services, not here. Red Rover and Eduroam are available in all three of the buildings used by CLASSE: Newman Lab, Wilson Lab and the Physical Sciences Building. Red Rover registrations for people without NetIDs are valid for only 21 days during each semester. However, you can request a Cornell GuestID which allows access for at least a year. More information about Red Rover and Eduroam is available at https://it.cornell.edu/wifi
If you have determined that Red Rover and Eduroam are not appropriate for your use and you need to use a networked device on CLASSE's internal network, please fill out the form below so we can expedite your connection. Note that you will need to provide a research justification and a WBS to charge.
The further in advance we're notified, the better prepared we can be. A week's notice would be about right [expl #2]. Some clarification about the information we need is below the form, along with an explanation of why we do this.
The form gets sent as an email message to members of the CLASSE computer group and is logged in our trouble-tracking system. The information you provide is intended strictly for the Lab's internal use. It will not be supplied to anyone else on a routine basis, although it may be necessary to disclose it in case of problems.
You'll be contacted to confirm your connection.
After submitting the form, you should receive an automated confirmation email. If you do not receive any confirmation, then your request was not submitted successfully. Please try again or email firstname.lastname@example.org directly.
Please let us know who you are. Many people are only at Cornell briefly and are not known to most of the members of our computer group.
Also, please supply an email address where we can contact you.[back to form]
Please tell us whenever you plan to come to CLASSE with a portable computer. The further in advance we're notified, the better prepared we can be. A week's notice would be about right. Prior commitments may cause a day or more of delay if you wait until you get here to let us know you need a connection.
Do not expect to be able to get a CLASSE network connection if you show up unexpectedly on Friday afternoon for a weekend meeting. We do monitor various aspects of our network hardware and know immediately when something has been connected inappropriately.
Also, please do not bother using the acronym "ASAP". People have too many different meanings for it, so we have to ignore it. Please specify a date.
Please let us know when you leave, too. Unfortunately, we only have a limited number of protected network switch ports. We probably will have to give the network switch port you'll be using to someone else in another room.[back to form]
You can't just plug in anywhere. Your laptop will connect to CLASSE's network only if you use a wall jack that is connected to CLASSE's "LNS Protected" subnet. Many of CLASSE's wall jacks are connected to other networks and cannot work for you.
Similarly, CLASSE's wireless network only works within a few locations in CLASSE's buildings and only where Cornell's Red Rover wireless service is not available. If you want to use a wireless connection elsewhere on campus (including the Physical Sciences Building), you must register your system with the campus network services. (See http://www.it.cornell.edu/wifi/
In the Physical Sciences Building, if you want to use CLASSE's printers, you either must register your laptop's wired (ethernet) interface for use on the CLASSE network and use an appropriate ethernet wall jack or you must use CLASSE VPN software. Red Rover's wireless services do not provide direct access to LEPP's printers.
We need to know where you'll be located so we can activate an appropriate wall jack. Of course, with the crowded situation during the various collaboration meetings and during the summer, it may be impossible to know in advance where there'll be room for you.
Normally a member of the CLASSE computer group will have to run some cables to activate a specific network socket in your office. That socket has to be connected to a port on the ethernet switch used by the protected subnet.[back to form]
This will help us plan for the kinds of resources you might need.[back to form]
The "LNS Protected" subnet uses DHCP to supply a specific IP address and other network information (like gateway and nameserver addresses) to each portable client. You will need to configure your system to "Obtain IP address from DHCP server" or "Get IP address automatically".
For accountability, addresses on the "LNS Protected" network are assigned statically, not randomly. We need to know the hardware address of your network card in order to be able to assign an IP address. (The hardware address is also known as the MAC address, short for Media Access Control, not Macintosh.) This address is a 12 character hexadecimal number which looks something like 12:34:56:78:9a:bc. A member of the CLASSE computer group will assign a unique IP address to this hardware address. Sometimes we can wait until you are ready to plug in to discover your system's MAC address, but if people are busy, the assignment of your IP address might not happen right away.
Be sure to supply the address of the appropriate interface(s). If you'll be connecting using just a wireless interface, the address of your hardwired Ethernet interface won't do any good. The DHCP server supplies an IP address only when it receives a request from a hardware address which is in its database.
IPCONFIG /ALL | MOREThe hardware ethernet address (RJ-45/Ethernet Cable connection) is displayed on the line that starts with the phrase "Ethernet adapter Ethernet". The line will look something like
Physical Address. . . . . . . . . : 12-34-56-78-9A-BCBe sure to get the one that corresponds to the network interface you want to register. There will be a separate section in the output for each card that's plugged into your system. Most Windows 2000 and newer systems will label the wireless connection "Ethernet adapter Wireless Network Connection". An entry for an Orinoco wireless card will include lines that look something like this, for example:
Description . . . . . . . . . . . : !ORiNOCO PC Card (5 volt)
Physical Address. . . . . . . . . : 12-34-56-78-9A-BC
ip addrThe hardware address is displayed on the second line, starting with "link/ether". The line will look something like
2: eno1:Be sure to get the address that corresponds to the network interface you want to register. "lo" is the first "adapter" which is a loopback one, you DO NOT want that one. There will be a separate section in the output for each card that's plugged into your system. Unfortunately, there's no easy way to tell which network interface is which, so you might as well register them all.
mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 12:34:56:78:9a:bc brd ff:ff:ff:ff:ff:ff
Your current "IP Address", so labeled, will also be reported (eg, 192.168.1.101). That is NOT the address we need.
Alternatively, you could open terminal and type "ifconfig". In the output look for "en0" for the RJ-45/Ethernet cable connection. It will have an entry "ether" with the MAC address. "en1" should provide the same "ether" entry for the wireless card.
By using a separate firewalled subnet, we're trying to provide some minimal protection against unauthorized network intrusions. The assignment of a specific IP address to each ethernet address makes it easier for us to track down a system that might be having problems. Also, submitting the form causes it to be entered into our trouble tracking system so we can keep track of address requests.
Unfortunately, when people bring in portables, we have no way of knowing what software might be running on them.
We are particularly concerned that unintentionally they might be running some hacker's password sniffer or other network intrusion software. There are many trojan horse programs which seem to do something useful or entertaining but also install software that does something quite inappropriate.
Another problem is that there are many security defects in the various operating systems. Most people simply do not have the time to keep up with all of the necessary patches. As a result, systems which have been connected to public networks often have been compromised without their owners noticing.
The router for the "LNS Protected" network limits the kinds of accesses that can be made to the lab's internal network and also tries to protect the systems on it from the external Internet. Unfortunately, it cannot protect those systems from one another.
By allocating a specific IP address to each registered MAC address, we can more easily determine which system might have been involved in inappropriate activities.
Also, this form creates an entry in our trouble-ticket tracking system, making it less likely to be overlooked.
This information is intended strictly for our internal use. It will not be supplied to anyone else on a routine basis, although it may be necessary to disclose it in case of problems.[back to form]
Because of security vulnerabilities, Windows 7 (and earlier versions of Windows) are NOT ALLOWED on CLASSE networks. Unauthorized use of Windows 7 will disrupt network connectivity for multiple CLASSE users (not just yourself). Therefore, we will immediately disconnect any Windows 7 (or older) systems detected on CLASSE networks.
Unfortunately, some SuSE Linux distributions seem to include a
defective DHCP client. For some reason it ignores the responses
from our DHCP server. Apparently
shipped with RedHat v7.1 has similar problems.
(We have the most experience supporting Red Hat and Scientific Linux distributions.)
As a workaround, use
dhcpcd -d instead,
or install the most recent pump distribution.