Restricted/Limited Access Network project meeting

Monday, January 13, 2014; 3:00 p.m.; AISB-208

Invited

Phil Benchoff, Jacob Dawson, Marc DeBonis, Brian Jones, Ron Keller, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Rich Sparrow, Lucas Sullivan, Brad Tilley

Agenda

  1. Scheduling of test, new test ports to be configured
  2. Scheduling the remainder of the ports from the Pilot groups to be reconfigured
  3. Discussion of needed procedures for adding additional groups
  4. Discuss maintenance windows
  5. Discussion of testing for RLAN to be delivered through the VOIP phone connection. This may be a good time to discuss since William and Brian will be at the meeting at the same time.
  6. ITSO needs a SPAN of the border RLAN traffic

Attended

Phil Benchoff, Jacob Dawson, Brian Jones, Ron Keller, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Rich Sparrow, Lucas Sullivan, Brad Tilley

Agenda

  1. Scheduling of test, new test ports to be configured
    1. For Student Services users.
    2. Set ports to just RLAN.
    3. Ron can make the necessary changes as soon as noon tomorrow (1/14/2014).
  2. Scheduling the remainder of the ports from the Pilot groups to be reconfigured
    1. These would probably be done in larger groups of 20 or more users at once.
    2. Not sure how soon this needs to be done. Rich will contact Ron when needed.
  3. Discussion of needed procedures for adding additional groups
    1. Brian and Christine Morrison are working on completing an MOU for this purpose. The MOU is desired in order to formalize adding new groups to RLAN.
    2. Pricing should already be nailed down. Contact Bill Blevins for pricing.
  4. Discuss maintenance windows
    1. What should be advertised/announced to users?
    2. There was some discussion about the need/desire for separate maintenance announcements from CNS for the network and ITSO for IDS/IPS.
    3. It was agreed to have one avenue for maintenance announcements and to use the VT-DNET LISTSERV. Action item: The ITSO will send Phil Benchoff a list of employees that can/should post to the VT_DNET LISTSERV.
      1. Done 14 Jan by PB and RBT
    4. There is a long-standing, historical maintenance window of 3-7 a.m. Tuesdays and Thursdays. It was agreed to use this window for RLAN maintenance. Any scheduled maintenance outside this window must be announced.
    5. CNS and ITSO agreed to coordinate and/or inform each other of any planned RLAN maintenance.
  5. Discussion of testing for RLAN to be delivered through the VOIP phone connection. This may be a good time to discuss since William and Brian will be at the meeting at the same time.
    1. This topic was deferred until the next meeting, when William will be attending.
  6. ITSO needs a SPAN of the border RLAN traffic
    1. To clarify, this is the RLAN border, between the RLAN and the regular university network.
    2. The purpose is so the ITSO can detect malware before it gets filtered by RLAN border hardware.
    3. Ron agreed to let Brad know before this is done so the ITSO knows what is happening when they begin seeing this traffic.
    4. Use "netrecon" to get switch and port information. If this is not the information Phillip is looking for, let Ron know.
  7. Open forum
    1. It was suggested that we open outbound RLAN traffic to specific IP address ranges for a department in order to make it easier to restrict them at a later date.
    2. This is being called the "transition phase" of the RLAN project where we will temporarily open outbound traffic.
    3. Brad mentioned that most other places use a blacklist on a "blessed" DNS server to stop drive-by infections. We should give serious thought to building a blessed DNS server inside the RLAN and forcing clients to use it.