
large campus network ... suggestions



Hello Ian,

On Dec 14, 2007 1:37 PM, Ian McDonald <iam@st-andrews.ac.uk> wrote:
> I'm quite happy to explain how/what we do, and what we'd like to do.
>
> You're going to have to get some managed switches though. Your hands are
> tied otherwise.
>

I would like to hear your solution. I would like to say that changing
equipment in the internal networks of the buildings is quite out of
the question because there are a little bit over 150 switches of 24
ports that I know of (without management); there may be other private
switches and wireless routers, private property of the students.

Anyway, I would like to hear your solution if it is not a problem for you.

My ISP also suggested changing all the internal switches and using
802.1x port-based Network Access Control, but the University rejected
the proposal (not due to lack of funds ... too much work to do,
maybe?).

>
> You could/can PPPoE, and there's client support in Windows/MacOS/Linux,
> but you'll need some horsepower on the servers to terminate all the
> tunnels.
>

I looked into PPPoE some time ago because a local ISP here is using
this type of authentication. I don't remember where I read / who told
me that PPPoE is vulnerable to sniffing by installing a PPPoE daemon
which listens to broadcasts of connecting users, so I dropped the
idea.

If you have used such a method of authentication, could you please tell me
the hardware that you used and the minimum number of clients connected
to that server? I'm interested in getting an idea of what hardware I
should possess.

If my authentication method is safe, I would leave all ports open and
traffic shape them or something like this. I would keep the proxy just
for caching of websites. Authentication is imposed due to legal issues
and attacks. Recently we had some problems with local authorities due
to some students, who of course spoofed their IPs and MACs.

By horsepower to terminate the tunnels, you are referring to the case
where I keep on limiting the available services, right?

>
> Where are you based?
> --

I'm based in Romania. I wouldn't make public my University name, but
if you want to know it for yourself it is no problem (just say it).

> ian
> Network Manager, University of St Andrews.

I would really like to know what a real campus network should look like.

I'm looking forward to your answer.

Adrian TIRLA
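
An added example, not part of the original message: PPPoE discovery (RFC 2516) starts with a broadcast PADI, and any host on the segment can answer it with a PADO offer, so a monitoring port can watch for offers from machines that are not the real access concentrator. The sketch below parses raw Ethernet frames and flags such offers; the MAC addresses, AC names and the `build_pado` helper are constructed for illustration.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863   # EtherType of the PPPoE discovery stage (RFC 2516)
CODE_PADO = 0x07            # offer sent by an access concentrator (AC)
TAG_AC_NAME = 0x0102

def parse_discovery(frame):
    """Return (src_mac, code, tags) for a PPPoE discovery frame, else None."""
    if len(frame) < 20:
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_P_PPPOE_DISC:
        return None
    ver_type, code, _sid, length = struct.unpack_from("!BBHH", frame, 14)
    if ver_type != 0x11:
        return None
    payload = frame[20:20 + length]
    tags, off = {}, 0
    while off + 4 <= len(payload):
        ttype, tlen = struct.unpack_from("!HH", payload, off)
        if off + 4 + tlen > len(payload):
            break  # truncated tag: stop parsing
        tags[ttype] = payload[off + 4:off + 4 + tlen]
        off += 4 + tlen
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    return src, code, tags

def rogue_offers(frames, allowed_macs):
    """List (mac, ac_name) for PADO frames whose sender is not an approved AC."""
    allowed = {m.lower() for m in allowed_macs}
    alerts = []
    for frame in frames:
        parsed = parse_discovery(frame)
        if parsed is None:
            continue
        src, code, tags = parsed
        if code == CODE_PADO and src not in allowed:
            name = tags.get(TAG_AC_NAME, b"").decode("ascii", "replace")
            alerts.append((src, name))
    return alerts

def build_pado(src_mac, ac_name):
    """Construct a sample PADO frame (test data, not captured traffic)."""
    tag = struct.pack("!HH", TAG_AC_NAME, len(ac_name)) + ac_name
    pppoe = struct.pack("!BBHH", 0x11, CODE_PADO, 0, len(tag)) + tag
    eth = bytes.fromhex("020000000001") + bytes.fromhex(src_mac.replace(":", ""))
    return eth + struct.pack("!H", ETH_P_PPPOE_DISC) + pppoe

# Constructed sample: one offer from the approved AC, one from an unknown host.
SAMPLE = [build_pado("02:00:00:00:00:aa", b"campus-ac"),
          build_pado("02:00:00:00:00:bb", b"unknown-ac")]
```

Calling `rogue_offers(SAMPLE, ["02:00:00:00:00:AA"])` reports only the second sender. On unmanaged switches a MAC allowlist can itself be spoofed, so an alert here is a starting point for investigation rather than proof.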


