DirectConnect & UM’s Network

Access Control

University of Montana - Missoula

Adam Ormesher & Chase Maier

Background Information

We provide internet to about 3000 residents

All ten dorms are currently wired-only connections

NAT – Not enough forward facing IPs Outside connection managed by Central

IT – Not us

IP Address Pools Each residence hall has two designated

pools of IP addresses for use by clients.

“dirty pool” not registered or banned○ 10.247.__.__

“clean pool” devices which have been registered and are able to access the Internet and network resources.○ 10.248.__.__

Network Level Restrictions Each switch blocks outbound DHCP

Offers on all switch interfaces.A single exception is necessary allowing our

approved DHCP server to provide devices with leases.

This helps alleviate problems caused by students plugging in routers backwards which compete with our DHCP server.

Network Level Restrictions

Network Level Restrictions Rouge DHCP Example

Student Router Student Router

DCOHome - Uses

Custom web application containing:Residence Halls Switch Port ControlResidential DHCP Backend Data StoreStudent Housing Records

DCOHome – Student Info

Student Personal InformationStudent ID, NetID, Name, Email, Phone #

Housing InformationDorm & Room #

The above information is updated daily from Banner for students living in our residence halls.

DCOHome – Registration

Each device that is connected to the network is given a DHCP lease based on MAC Address.

Each device is assigned to an existing student.

Game consoles are manually registered by our employees.

DCOHome – Ban Methods Using the ban system we are able to:

Ban specific MAC Addresses

Ban all devices registered to a student.

Banned machines are returned to the “dirty pool.”

DCOHome – Ban Reasons Student conduct violations

DMCA violations

Network Impacting Infections

Malfunctioning hardware

Unauthorized hardware

DCOWeb – Overview

DCOWeb provides the following:

DHCP Server

Web Server

DNS Server

DCOWeb – DHCP Server

Developed using Java by our internal programming team.

Communicates with DCOHome using XML.

DCOWeb – Web Server

Contains pages with:Instructions to be followed to register.Commonly downloaded files.

○ Windows Service Packs○ .NET Installers○ Antivirus & Antimalware Utilities

DCOWeb– DNS Server

Computers in the “dirty pool” are assigned DCOWeb as their DNS server.

All DNS lookups sent to DCOWeb resolve to the IP of DCOWeb (10.248.242.55).

What is IP for “www.google.com”?

10.248.242.55 (DCOWeb)

Client In Dirty Pool DCOWeb

Overview

Student info

DHCP log

Port status

DHCP Server

DNS Server

Hosted Files

Client(Student machine)

DCOHome DCOWeb

DCOWeb – Mac Setup

DCOWeb – Windows Setup

Questions?

www.resnetsymposium.org/rspm/evaluation/