Content Moved | Campus Network Device Configuration and Practice Standardization | University of Waterloo


Campus Network Device Configuration and Practice Standardization


Authorized Managers list

RADIUS Authentication





Private management IP address

Login banner

banner motd "~"
banner motd "***************************************************"
banner motd "This is an IST managed device"
banner motd "per"
banner motd "~"
banner motd "Console access may be provided for read-only functions."
banner motd "Configuration changes made via console must be coordinated with IST"
banner motd "***************************************************"
banner motd "~"

Spanning Tree and Loop Protection

Device firmware


Subnet Usage

See the report at


Hard coding IP addresses presents several challenges:

After discussion, launch a campaign to migrate the majority of computers to DHCP.

Dynamic IP addresses

Currently most IP addresses in use on wired networks within faculties are static assignments (whether issued by DHCP, or hard coded). Dynamic IP address assignment is permitted in private areas per ISTNSIPRequestsAndRegistrations, as needed. This allows immediate connectivity to the campus network in private areas, through a dynamic IP address, without having to engage campus IT staff to assign a permanent IP name/address (in cases where users do not require a fixed domain name/address).

After discussion, IST to configure dynamic IP ranges on all subnets serving private areas, to allow immediate connectivity for temporary and mobile equipment. For cases where authorization/authentication is needed, 802.1X port authentication can also be enabled.

Wired Authentication Networks

The existing wired authentication networks provide captive portal authentication, tunnelled to the central Aruba controllers.

After discussion, IST to migrate the wired authentication network to a conventional dynamic IP range, in a suitably sized subnet, and enable 802.1X wired authentication where appropriate.

One to One Patch Cabling

A review of Telecommunications Rooms will be conducted to determine current patch cable practices, and jack counts versus available switch ports. All new buildings use one to one patch cabling, where all wall jacks are made live, and jacks are connected in a one to one manner to switch ports of the same number (e.g. jack E04 would be connected to switch E, port 4). This is also called ZANI (Zero Administration Network Implementation), as the pre-provisioning of network service reduces ongoing day to day network service provisioning activities.

IST to review jack and port counts, and develop a priority and timetable to migrate to ZANI, at IST expense (parts and labour).
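The one to one convention above can be checked mechanically against a patch record, which also surfaces the jack versus port count gaps the review is looking for. This is an added example, not IST tooling: the function names are hypothetical, jack labels are assumed to be one switch letter followed by a port number (as in E04), and the patch list is constructed.

```python
import re
from collections import Counter

JACK_RE = re.compile(r"^([A-Z])(\d+)$")  # assumed label format, e.g. E04

def expected_port(jack):
    """Return the (switch, port) a jack maps to under one to one cabling."""
    m = JACK_RE.match(jack)
    if not m:
        raise ValueError(f"unrecognised jack label: {jack!r}")
    return m.group(1), int(m.group(2))

def audit(patches, ports_per_switch):
    """patches: (jack, switch, port) tuples; switch and port are None when
    the jack is not patched. ports_per_switch: switch letter -> port count.
    Returns a sorted list of (jack, finding) tuples."""
    findings = []
    used = Counter((sw, p) for _, sw, p in patches if sw is not None)
    for jack, sw, port in patches:
        try:
            want = expected_port(jack)
        except ValueError:
            findings.append((jack, "bad label"))
            continue
        # A jack numbered beyond the switch's port count cannot be one to one.
        if want[1] < 1 or want[1] > ports_per_switch.get(want[0], 0):
            findings.append((jack, "no matching switch port"))
        if sw is None:
            findings.append((jack, "not live"))
        elif (sw, port) != want:
            findings.append((jack, f"patched to {sw}{port:02d}, expected {want[0]}{want[1]:02d}"))
        if sw is not None and used[(sw, port)] > 1:
            findings.append((jack, f"switch port {sw}{port:02d} recorded more than once"))
    return sorted(findings)

# Constructed sample data, not taken from any real telecommunications room.
SAMPLE_PORTS = {"E": 24, "F": 24}
SAMPLE_PATCHES = [
    ("E04", "E", 4),      # follows the convention
    ("E05", "E", 7),      # cross-patched
    ("E07", "E", 7),      # correct, but E05 is recorded on the same port
    ("E30", None, None),  # more jacks than switch ports
    ("F01", None, None),  # jack not made live
    ("lab-3", "F", 2),    # label outside the assumed format
]

if __name__ == "__main__":
    for jack, finding in audit(SAMPLE_PATCHES, SAMPLE_PORTS):
        print(f"{jack}: {finding}")
```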

Mixed Aggregation Access Layer

In some cases, layer 2 aggregation switches also provide access layer service on the leftover ports. IST generally prefers the aggregation and access functions to be on separate devices.

IST to review shared access/aggregation switches, and develop a priority and timetable to separate these functions, at IST expense (parts and labour).

10 gigabit

The standard networking within faculties is 1 gigabit/second or 10/100. Incremental expansion of these networks will continue, at IST expense. When needed, IST will offer 10 gigabit/second connections from faculties to the core, at IST expense.

Traffic levels within most faculties currently do not justify wide scale 10 gigabit deployment. IST will monitor network interconnections, and consider link aggregation (multiple parallel 1 gigabit connections), and/or 10 gigabit as needed. Requests for individual 10 gigabit host connections will be at client expense for parts (modules, optics).

Network Topologies

Review network topologies, and develop a timetable and priority to upgrade as needed, at IST expense. The generally preferred topologies are below.


Diagram 1 Non Redundant Routing and Aggregation

This is generally used where the distances between the router and access layer switches exceed CAT6 distance limits, and fibre is used between routing and aggregation. The network within the Faculty of Science uses this design.


Diagram 2 Non Redundant Routing, Combined Routing/Aggregation

This is generally used when the distances between the router and access layer are within CAT6 distance limits. The network within individual buildings, e.g. NH, often uses this design.


Diagram 3 Redundant Routing, Combined Aggregation

This adds redundancy to the design in Diagram 2. The IST machine room uses this design.


Diagram 4 Redundant Routing

This adds routing redundancy to the design in Diagram 1.


Diagram 5 Redundant Routing and Aggregation

This adds router and aggregation device redundancy to the design in Diagram 1. This design involves two levels where paths will be blocked by spanning tree (from routing to aggregation, and from aggregation to access). Math uses this design.