Purpose
This standard outlines the requirements for the University of Oregon community to connect to the university's network. This standard normalizes the network as required by the Information Asset Classification and Management Policy (IV.06.02). The purpose of the requirements identified herein is to reduce risks to the confidentiality, integrity, and availability of University data and systems (information assets) and to protect the privacy of members of the university community.
Scope
This standard applies to the use of devices, not in university data centers, by which the UO community connects to UO wired and wireless network services.
Standard
All users with access to the UO wired and wireless network services shall meet the following minimum controls for protecting university information assets, for any additional information, please consult the Connecting to UO's Network article or reach out to Network Engineering team.
Standard Violation
In the event of a computer, printer, or other device causing problems on the network (hardware, software, configuration, or network problem) or is detected to have a virus or malware (security issue) or have an unaddressed security issue: Information Services (IS) may, at its discretion, disconnect or quarantine the offending device immediately to limit impact to other systems and users. We will attempt to reach the owner or administrator for said device to offer suggestions for remediation. (The Technology Support Desk can help remove malware, viruses and other issues that may be interfering with student, staff, or faculty ability to access the network).
Section 1 – Devices on the Network
- Network devices (switches, routers, hubs, etc.) may not be connected to the network without IS approval
- No DNS, DHCP, or other servers may serve network services that conflict with IS-provided network services
- The addition of wireless access points (dedicated devices or ad-hoc) onto the university's network is prohibited; No rogue or ad-hoc wireless access points may be installed
- Ad-hoc Wi-Fi networks include turning on Internet Connection Sharing services (a.k.a., hot spot) on computers having both wired and wireless interfaces
- It is prohibited to interfere with UO network's wireless signal
- It is prohibited to set up alternate networks for UO business without IS approval
For additional information, please consult the Connecting to UO’s network article.
Section 2 – Network Cabling
Cabling for all network devices must be installed by IS staff or an IS approved licensed electrical contractor. This includes horizontal and vertical cabling in walls and ceilings and patch cords in the network closet. End-users may install a patch cord from their workstation to the network jack if it is located nearby.
- Installing patch cords over a wall to an adjacent room or suspended across a room is a violation of fire code.
- When additional active network jacks are needed at a location:
- In many cases, existing nearby unused jacks can be activated. Submit a request for jack activation through the Wired Networking Support service page.
- If an area has insufficient jacks or all are in use (that is, additional cabling is needed to connect devices) please submit a request through the Wired Networking Support service page to obtain a cost estimate to provide sufficient wiring so that computers/devices are connected to network jacks in the same room. Please be sure to include the request to activate the jack after the wire is installed through the same form.
Section 3 – Network Systems
All building systems that depend on connectivity to the UO network will be required to receive approval from Information Services. These systems include, but are not limited to, building automation systems (BAS), electrical metering, audio/video, and access control/security. Each vendor or UO group that intends to connect a system to the UO network will need to provide detailed network specifications for each system. These specifications will be reviewed for approval by Information Services.
Below is a list of required specifications, recommended specifications, and unsupported features to consider when proposing a new system. This list is not exhaustive but is intended to serve as a starting point.
Requirements
- Must have an RJ45 Ethernet port
- Must support a star-based cabling topology
- Must support 100-Base-T Ethernet or greater
- Must support IPv4 networking
- Must support Unicast
- Must support Dynamic Host Configuration Protocol (DHCP)
Recommended:
- Supports IPv6 networking
- Supports 1000-Base-T Ethernet or greater
- Supports Multicast
- Supports Role Based Access Control (RBAC)
- Supports 802.1x
- Supports Access Control Lists (IP Filtering)
- Supports Stateless Auto Configuration (SLAAC)
- Supports Power Over Ethernet (PoE)
- Supports Link Aggregation Control Protocol (LACP)
Features not supported on the UO Network:
- Critical services should not solely rely on UO wireless only (e.g. building access controller, security systems etc.)
- While UO wireless is reliable, it is not guaranteed for wireless-only devices (unless approved)
- Devices that rely on broadcast only to function, should not be connected to the end-user network broadcast only systems
- Quality of Service (QoS)
- Serial-connected devices
- Fiber-only devices are not supported in the end-user network
- Daisy-chained or ring-cabling topology
Requesting Exceptions
In the event the standard cannot be achieved by reasonable means, you can request an exception by completing the Networking Support Request Help form.
Select Other and provide details in the Additional comments as to why the standard cannot be followed, the duration of the exception request and mitigating controls being put in place to meet the requirement.