Guidelines for Private Wireless Access Points on MITnet
Overview
A user who deploys a wireless access point (AP) in a private space
should follow the guidelines below for choosing and configuring
equipment in order to minimize the potential for interference with
MIT's wireless infrastructure. Note that the possibility for interference
cannot be completely eliminated, and if it should interfere, then
privately owned equipment will have to be removed from service.
Choosing an
Access Point (AP)
Choose an AP That is 802.11b Compliant and WiFi Certified
Since the MIT wireless network infrastructure uses the 802.11b protocol
exclusively, private APs must be 802.11b-compliant products. Other
802.11 protocols or Bluetooth technology are not supported at this
time. The private APs should also be WiFi certified to minimize
interference with other 802.11b and wireless devices.
Wireless Routers
Many vendors are selling devices that are a combination of a wireless
access point, a router, and a switch. These devices are often referred
to as "Wireless Routers," "Wireless Broadband Routers"
or "Wireless Cable/DSL Routers." Please note that although
these devices have 802.11b wireless capability, they are also routers
and switches, which are prohibited on MITnet. If you purchase one
of these devices, you should be aware that it will not work on MITnet,
and use of such a device on MITnet is a violation of the Rules
of Use. If you wish to maintain your own wireless network, we
strongly encourage you to purchase a standalone wireless access
point, also referred to as a "Wireless Bridge."
[Back to top]
Configuring an Access Point
(AP)
Please refer to the documentation for your particular access point
for specifics on implementing these configurations. If you have
other questions, contact the MIT
Wireless Deployment Team.
Configure the AP to Use Channel 1 Only
Private APs should be configured to use Channel 1, and Channel 1
only for consistency with the IS&T deployment configuration and to
ease troubleshooting.
Do Not Use the Network Name (SSID) "MIT"
The SSID, or network name, "MIT" is reserved for IS&T-deployed
wireless network infrastructure extensions. Customers should configure
private APs to use a different SSID, preferably a descriptive name
unique in their area of coverage, such as "FooLab" or
"FloreyOffice". For station names or base station IDs,
IS&T recommends clients choose a descriptive and locally unique name,
such as "north-corner-AP".
Do Not Configure the AP as a "closed" or "hidden"
Network
Customers should not configure private APs to create what are referred
to as closed or hidden (wireless) networks. The section on "Privacy,
Security, and the MIT Network" in the Primer
elaborates a bit more about issues regarding this decision and related
security considerations are.
Do Not Configure the AP to Use Any Form of Network Address Translation
(NAT)
MIT network policy and guidelines do not allow the use of connection
sharing devices, such as hubs, switches, or routers that can create
back-end networks. Devices with hubs, switches, router and/or NAT
functionality built-in, including those that come with certain APs,
are not allowed to operate on the MIT network in these modes. It
is acceptable to use such devices on the MIT network if and only
if they can be switched to work in "bridge" mode, essentially
as an AP or wireless bridge only.
Do Not Configure the AP to Act as a DHCP Server
Since IS&T provides DHCP services, customers should disable DHCP server
functionality, if present, in private APs. Operating what is termed
a "rogue" DHCP server in this way disrupts DHCP services
for all users on the same subnet. With the AP in bridge mode, each
computer utilizing the AP is effectively on the MIT network, and
should be configured with its unique IS&T provided IP address (often
obtained through DHCP, from the MIT DHCP servers).
[Back to top]
Prohibitions
Do Not Configure a Wireless NIC to Serve as an AP
Some vendors provide software with their wireless NICs that allow
these devices, along with an Ethernet card also plugged-in to an
Ethernet network, to be used as what is called a software base station
or connection sharing mode. In other cases, built-in connection
sharing features in certain operating systems, such as Windows 2000,
coupled with an 802.11b and Ethernet NIC, operate in the same manner.
Such configurations are similar in essence to an AP device with
router and NAT (and often, also DHCP) functionality built-in, and
are not allowed on the MIT network under the same policy.
[Back to top]
Installation
Tips
Request an IP Address For the AP
Even though an AP operating in bridge mode does not need an IP address,
most APs on the market require an IP address for the AP alone to
be configured. This is often done to allow administering and configuring
the AP over the Ethernet network to which it is connected, typically
using some proprietary client software or a web browser interface
on a computer also on the Ethernet network. In such cases, customers
need to obtain a unique IP address for the AP alone.
Use Vendor Tools to Optimize AP Placement
Some APs and associated software come with basic tools to optimize
placement of APs, however, with multiple APs in large areas, this
process becomes rather difficult. Once again, customers considering
wireless deployments are encouraged to consult with IS&T and seriously
consider IS&T deployment.
Turn On Measures to Reduce Interference
Customers may opt to turn on measures for interference or microwave
robustness in private APs, should they find they decrease interference
and improve performance.
[Back to top] |
