Restricted/Limited Access Network project meeting

Monday, April 15, 2013; 3:00 p.m.; AISB-208

Invited

Phil Benchoff, Jacob Dawson, Marc DeBonis, William Dougherty, Brian Jones, Ron Keller, Jeff Kidd, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Christine Morrison, Rich Sparrow, Lucas Sullivan

Agenda

  1. Review action items and comments from 20130401 - April 1, 2013 RLAN Project Status Meeting
  2. IPv6 and RLAN; Are we supporting IPv6 on the RLAN networks?
    1. Does all the RLAN hardware/software support IPv6?
    2. If so have IPv6 addresses been allocated and configured?
    3. If configured has anyone tested it?
    4. IPv6 issues regarding whitelisting/blacklisting
  3. Updates on RLAN connection requests
    1. Status of University Registrar RLAN orders. Per Bill Blevins email CNS is waiting on approval from ITSO
  4. RLAN FAQ
  5. RLAN presentation at DCSS
  6. Open Forum

Attended

Jacob Dawson, Marc DeBonis, Brian Jones, Ron Keller, Philip Kobezak, Greg Kroll, Steve Lee, Bryant Sparks, Lucas Sullivan

Meeting Notes

  1. Review action items and comments from 20130401 - April 1, 2013 RLAN Project Status Meeting
    1. Action item: Phillip will talk with Steve Huff and get portal information for RLAN connections to CNS.
      1. Seems there was some confusion between the Bursar and Registrar's offices. Data in the ITSO webapp (IRON) are for connections for the Registrar's office. Phillip will contact Steve Huff again and get information about their portals into IRON.
    2. Action item: Greg will find out the status of FAQ document.
      1. In an exchange of emails Rich Sparrow agreed to contact Susan and see if recommended changes have been incorporated into the FAQ. Once done, Rich will be sure the information is posted to the appropriate websites.
  2. IPv6 and RLAN; Are we supporting IPv6 on the RLAN networks?
    1. Ron reported that a software update to the Virtual Routing and Forwarding (VRF) is required to support IPv6. Action item: After some discussion it was decided that the VRF software update would be done during break week in May 2013.
    2. Until the VRF software update is done the RLAN is blocking IPv6.
    3. Phillip reports that Stonesoft supports IPv6 but Fire Eye does not (Fire Eye just passes it along). Is this a show stopper for IPv6 support? Probably not since it does not block it and simply passes it along.
    4. IPv6 cannnot simply be ignored as there is chance of missing "stuff" going on, on the network. This may be a security risk. End users do not have the ability to change configurations so they should not be able to simply set up a new router for IPv6.
    5. One issue, if IPv6 is left on, is when a client passes an IPv6 address to look up and cannot reach an appropriate server on the RLAN network, the look up will revert to IPv4 and cause delays making the network seem like it is very slow.
    6. One suggestion is to turn on IPv6 on the RLAN network and use it internally to the RLAN network but block anything outbound.
    7. Another suggestion is to turn on RA Guard at every RLAN port. The IPv6 RA Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue RA guard messages that arrive at the network device platform.
  3. Updates on RLAN connection requests
    1. Registrar=30, Bursar=36, Financial Aid=40
    2. See 1.a.i above.
    3. Bursar connections. CNS recommends doing a small number of connections at a time (maybe 5) and during the day so users can test their connection. There was a request to do the connections after 5:00 p.m. which means users will not test connections until the following morning. There is also a question about whether the Bursar's office wishes to pay overtime for installation after normal working hours. Action item: Brian will speak to William about this issue.
    4. Someone commented that there is a need for testing with a Macintosh computer.
  4. RLAN FAQ
    1. See 1.b.i above.
  5. RLAN presentation at DCSS
    1. No one has a specific time slot just to talk about RLAN. ITSO has a few slides and Marc will talk about CSDI.
    2. Assuming it is posted before DCSS someone may want to mention the RLAN FAQ.
    3. Action item: Greg will check with William and Randy about the desire to talk about (advertise) RLAN at DCSS.
  6. Open Forum
    1. What are our plans for this project after July 1, 2013 (end of pilot project)?
    2. Should we have a new project phase? New pilot? Pilot II?
    3. What about VPN for RLAN?
      1. The authorization piece (server) still needs work.
      2. Some work being done with VPN and Unified Communications is looking promising.
  • No labels