Content Moved | Campus Network Device Configuration and Practice Standardization | University of Waterloo


Content Moved

Campus Network Device Configuration and Practice Standardization

OSPF

Authorized Managers list

Radius Authentication

ssh

logging

802.1x

time

private management ip address

login banner

banner motd "~"
banner motd "***************************************************"
banner motd "This is an IST managed device"
banner motd "per http://ist.uwaterloo.ca/ns/mgmt"
banner motd "~"
banner motd "Console access may be provided for read-only functions."
banner motd "Configuration changes made via console must be coordinated with IST"
banner motd "***************************************************"
banner motd "~"

Spanning Tree and Loop Protection

Device firmware

SNMP

Subnet Usage

See the report at https://istns.uwaterloo.ca/networksize/networksizeorg.html

DHCP

Hard coding IP addresses presents several challenges:

After discussion, launch a campaign to migrate the majority of computers to DHCP.

Dynamic IP addresses

Currently most IP addresses in use on wired networks within faculties are static assignments (whether issued by DHCP, or hard coded). Dynamic IP address assignment is permitted in private areas per ISTNSIPRequestsAndRegistrations, as needed. This allows immediate connectivity to the campus network in private areas, through a dynamic IP address, without having to engage campus IT staff to assign a permanent IP name/address (in cases where users do not require a fixed domain name/address).

After discussion, IST to configure dynamic IP ranges on all subnets serving private areas, to allow immediate connectivity for temporary and mobile equipment. For cases where authorization/authentication is needed, 802.1x port authentication can also be enabled.

Wired Authentication Networks

The existing wired authentication networks provide captive portal authentication, tunnelled to the central Aruba controllers.

After discussion, IST to migrate the wired authentication network to a conventional dynamic IP range, in a suitably sized subnet, and enable 802.1x wired authentication where appropriate.

One to One Patch Cabling

A review of Telecommunications Rooms will be conducted to determine current patch cable practices, and jack counts versus available switch ports. All new buildings use one to one patch cabling, where all wall jacks are made live, and jacks are connected in a one to one manner to switch ports of the same number (e.g. jack E04 would be connected to switch E, port 4). This is also called ZANI (Zero Administration Network Implementation), as the pre-provisioning of network service reduces ongoing day to day network service provisioning activities.

IST to review jack and port counts, and develop a priority and timetable to migrate to ZANI, at IST expense (parts and labour).
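The jack-versus-port review described above can be run against a patch inventory, as in this added example (not part of the original page or IST's own tooling). The CSV layout, the letters-plus-digits jack label format, and all sample data are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample inventory for one telecommunications room (not real data).
# Blank switch/port = the wall jack is not patched, i.e. not live.
SAMPLE_PATCHES = """jack,switch,port
E01,E,1
E02,E,2
E03,E,7
E04,,
F01,E,7
F02,F,2
bad-label,F,3
"""
SAMPLE_SWITCH_PORTS = {"E": 3, "F": 24}  # constructed port counts per switch

JACK_RE = re.compile(r"^([A-Z]+)(\d+)$")  # assumed label format: letters + digits


def expected_port(jack):
    """One-to-one rule from the text: jack E04 -> switch E, port 4."""
    m = JACK_RE.match(jack.strip().upper())
    return (m.group(1), int(m.group(2))) if m else None


def audit(patch_csv, switch_ports):
    """Return sorted (item, finding) pairs for every deviation from one-to-one."""
    findings, used, jacks = [], Counter(), Counter()
    for row in csv.DictReader(io.StringIO(patch_csv)):
        jack, want = row["jack"].strip(), expected_port(row["jack"])
        if want is None:
            findings.append((jack, "unparseable jack label"))
            continue
        jacks[want[0]] += 1  # jack count per switch, for the capacity check
        if not row["switch"] or not row["port"]:
            findings.append((jack, "not live (unpatched)"))
            continue
        got = (row["switch"].strip().upper(), int(row["port"]))
        used[got] += 1
        if got != want:
            findings.append((jack, "patched to %s/%d, expected %s/%d" % (got + want)))
    for (sw, port), n in used.items():
        if n > 1:  # two jacks cannot share one switch port; the record is wrong
            findings.append(("%s/%d" % (sw, port), "recorded for %d jacks" % n))
    for sw, n in jacks.items():
        if n > switch_ports.get(sw, 0):  # jack count versus available ports
            findings.append((sw, "%d jacks but %d switch ports" % (n, switch_ports.get(sw, 0))))
    return sorted(findings)
```

Calling `audit(SAMPLE_PATCHES, SAMPLE_SWITCH_PORTS)` returns the dead jack, the two mis-patched jacks, the port recorded twice, the unparseable label, and the switch with more jacks than ports.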

Mixed Aggregation Access Layer

In some cases, layer 2 aggregation switches also provide access layer service on the leftover ports. IST generally prefers the aggregation and access functions to be on separate devices.

IST to review shared access/aggregation switches, and develop a priority and timetable to separate these functions, at IST expense (parts and labour).

10 gigabit

The standard networking within faculties is 1 gigabit/second or 10/100. Incremental expansion of these networks will continue, at IST expense. When needed, IST will offer 10 gigabit/second connections from faculties to the core, at IST expense.

Traffic levels within most faculties currently do not justify wide scale 10 gigabit deployment. IST will monitor network interconnections, and consider link aggregation (multiple parallel 1 gigabit connections), and/or 10 gigabit as needed. Requests for individual 10 gigabit host connections will be at client expense for parts (modules, optics).

Network Topologies

Review network topologies, and develop a timetable and priority to upgrade as needed, at IST expense. The generally preferred topologies are below.


Diagram 1 Non Redundant Routing and Aggregation

This is generally used where the distances between the router and access layer switches exceed CAT6 distance limits, and fibre is used between routing and aggregation. The network within the Faculty of Science uses this design.


Diagram 2 Non Redundant Routing, Combined Routing/Aggregation

This is generally used when the distances between the router and access layer are within CAT6 distance limits. The network within individual buildings, e.g. NH, often uses this design.


Diagram 3 Redundant Routing, Combined Aggregation

This adds redundancy to the design in Diagram 2. The IST machine room uses this design.


Diagram 4 Redundant Routing

This adds routing redundancy to the design in Diagram 1.


Diagram 5 Redundant Routing and Aggregation

This adds router and aggregation device redundancy to the design in Diagram 1. This design involves two levels where paths will be blocked by spanning tree (from routing to aggregation, and from aggregation to access). Math uses this design.