BlueArctos
asked on
Why do some universities ban the use of wired routers on their school networks?
I'm passing along this question from the son of a friend. He's attending university soon and has the following question:
My university bans the use of routers on its network. My roommate and I are good friends. We would like to network our computers (file-sharing). We also share a network-attached storage device and an IP printer. I understand why the school school bans _wireless_ routers in its residence halls: they tend to be improperly configured by clueless consumers. However, I was planning on using my D-Link _wired_ router to get my dorm room networked. The idea was to have the WAN port connected to the standard network jack in the room.
I've found two schools who provide public information regarding their bans on the use of routers. They write the following:
==========================
(University 1)
"Routers and wireless access points are not allowed in residence halls (they can interfere with network access for other residents).
--------------------------
What is the difference between a hub, a switch, and a router?
A router is too independent to cooperate well with the network, and so routers are banned in the residence halls. A router uses "Network Address Translation" (NAT) and does not work properly on the BU Residential Network; in fact, a router can bring network access for entire floors to a screeching halt. Instead, you want a "switch" or a "hub" -- different variations on the same theme, with the key point that they do not do their own network address translation. Good news: hubs and switches are less expensive than routers. "
AND (University 2)
"Routers: No routers are permitted to be attached to any portion of the campus network. Any devices which provide routing service for IP, IPX, or AppleTalk traffic will be immediately disconnected from the campus network for a period of not less than the duration of the current academic year. Windows XP has a configuration option under the Wireless Connection Properties, in the Advanced tab labeled as, "Internet Connection Sharing". This is a form of routing and is explicitely banned. Users who cause problems due to this configuration will face disciplinary action in addition to the loss of network connectivity for the system listed above.
Ethernet hubs, which attach multiple devices to a single network outlet, are not routers and may be attached to the campus network. It is important that all machines connected to a hub be registered with Data Communications.
Most operating systems do not provide routing functionality and are perfectly safe to attach to our network in any configuration. Some operating systems such as Windows NT, Windows NT Server, and most UNIX operating systems have the capability to provide routing functionality; for these operating systems, you should ensure that routing is not configured. Some operating systems (NetWare) and devices (terminal servers, commercial routers, etc.) act as routers by definition and are not permitted to be attached to the campus network unless explicit permission is obtained in advance from Data Communications.
Some software such as MARS which provides Netware services via UNIX machines also emulates routers or provide router-like functionality. As such, these applications are not permitted to be run on Residence Hall or Dedicated Remote Access systems.
Routers are generally used to connect multiple network segments together and should not be necessary for individual users on our campus. If misconfigured, routers can cause severe problems for all users on a network segment. Even if properly configured, routers can cause significant difficulties with the maintenance and support of network segments maintained by Computing Services. For these reasons, systems connected to the campus network in the residence halls are not permitted to act as routers."
==========================
With specific regard to the first University's IT quote, could someone substantiate the necessity of BANNING wired routers from University networks? They claim some issue with NAT, but doesn't NAT apply soley to the INTERNAL, PRIVATE network created by the router? How could that affect the universities' network stability? How could that bring an entire floor of service to a "screeching halt"?
-
Thanks
My university bans the use of routers on its network. My roommate and I are good friends. We would like to network our computers (file-sharing). We also share a network-attached storage device and an IP printer. I understand why the school school bans _wireless_ routers in its residence halls: they tend to be improperly configured by clueless consumers. However, I was planning on using my D-Link _wired_ router to get my dorm room networked. The idea was to have the WAN port connected to the standard network jack in the room.
I've found two schools who provide public information regarding their bans on the use of routers. They write the following:
==========================
(University 1)
"Routers and wireless access points are not allowed in residence halls (they can interfere with network access for other residents).
--------------------------
What is the difference between a hub, a switch, and a router?
A router is too independent to cooperate well with the network, and so routers are banned in the residence halls. A router uses "Network Address Translation" (NAT) and does not work properly on the BU Residential Network; in fact, a router can bring network access for entire floors to a screeching halt. Instead, you want a "switch" or a "hub" -- different variations on the same theme, with the key point that they do not do their own network address translation. Good news: hubs and switches are less expensive than routers. "
AND (University 2)
"Routers: No routers are permitted to be attached to any portion of the campus network. Any devices which provide routing service for IP, IPX, or AppleTalk traffic will be immediately disconnected from the campus network for a period of not less than the duration of the current academic year. Windows XP has a configuration option under the Wireless Connection Properties, in the Advanced tab labeled as, "Internet Connection Sharing". This is a form of routing and is explicitely banned. Users who cause problems due to this configuration will face disciplinary action in addition to the loss of network connectivity for the system listed above.
Ethernet hubs, which attach multiple devices to a single network outlet, are not routers and may be attached to the campus network. It is important that all machines connected to a hub be registered with Data Communications.
Most operating systems do not provide routing functionality and are perfectly safe to attach to our network in any configuration. Some operating systems such as Windows NT, Windows NT Server, and most UNIX operating systems have the capability to provide routing functionality; for these operating systems, you should ensure that routing is not configured. Some operating systems (NetWare) and devices (terminal servers, commercial routers, etc.) act as routers by definition and are not permitted to be attached to the campus network unless explicit permission is obtained in advance from Data Communications.
Some software such as MARS which provides Netware services via UNIX machines also emulates routers or provide router-like functionality. As such, these applications are not permitted to be run on Residence Hall or Dedicated Remote Access systems.
Routers are generally used to connect multiple network segments together and should not be necessary for individual users on our campus. If misconfigured, routers can cause severe problems for all users on a network segment. Even if properly configured, routers can cause significant difficulties with the maintenance and support of network segments maintained by Computing Services. For these reasons, systems connected to the campus network in the residence halls are not permitted to act as routers."
==========================
With specific regard to the first University's IT quote, could someone substantiate the necessity of BANNING wired routers from University networks? They claim some issue with NAT, but doesn't NAT apply soley to the INTERNAL, PRIVATE network created by the router? How could that affect the universities' network stability? How could that bring an entire floor of service to a "screeching halt"?
-
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Good point. Thanks Rob. I will advise router usage is fine provided the router is NEVER connected to the school's network. They'll have to suck it up.
Thanks BlueArctos.
They could use a simple hub or switch. Most universities do not mind this as both PC's MAC addresses would be added to the university data base and theoretically visible. However, if wanting to share files without making them available to the entire campus, they could enable the Windows firewall and under the scope options for file sharing, only allow the IP of the other computer. Many universities use reservations, so they are always assigned the same IP.
Cheers !
--Rob
They could use a simple hub or switch. Most universities do not mind this as both PC's MAC addresses would be added to the university data base and theoretically visible. However, if wanting to share files without making them available to the entire campus, they could enable the Windows firewall and under the scope options for file sharing, only allow the IP of the other computer. Many universities use reservations, so they are always assigned the same IP.
Cheers !
--Rob
On a related question:
So as predicted my roommate got her router banned recently. Yes it's against the rules, but at the same time we're frustrated the school network just doesn't extend to the dorm complex. So much for promising us free Wi-Fi on the school's dorm webpage.
I am using a Win 10 with anniversary update laptop that connects to the campus network through Ethernet. Conveniently Win 10 is built in with a mobile hotspot function. I am wondering if activating laptop mobile hotspot for connection to my other devices is also a form of routing. Will the school ban my laptop if I turn this hotspot on?
So as predicted my roommate got her router banned recently. Yes it's against the rules, but at the same time we're frustrated the school network just doesn't extend to the dorm complex. So much for promising us free Wi-Fi on the school's dorm webpage.
I am using a Win 10 with anniversary update laptop that connects to the campus network through Ethernet. Conveniently Win 10 is built in with a mobile hotspot function. I am wondering if activating laptop mobile hotspot for connection to my other devices is also a form of routing. Will the school ban my laptop if I turn this hotspot on?
I think that we have a nomenclature issue.
Mobile hotspot typically means using a cellular signal and creating a WiFi access point. So this completely bypasses the school network.
I suspect that what you mean your laptop can provide WiFi network access through its wired connection. In this case, your laptop is effectively a router. So the same concept applies as if you were using a router. A big difference is that the wired connection would show the traffic coming from the MAC address of your NIC. So if the universities method for identifying that you have a router is by identifying the OUI in the MAC address, then they would never know.
BTW, you could have also manually changed the MAC of your router and accomplished the same thing.
But if they are using more sophisticated methods of identifying a router is in use, then this approach wouldn't be of any benefit.
Mobile hotspot typically means using a cellular signal and creating a WiFi access point. So this completely bypasses the school network.
I suspect that what you mean your laptop can provide WiFi network access through its wired connection. In this case, your laptop is effectively a router. So the same concept applies as if you were using a router. A big difference is that the wired connection would show the traffic coming from the MAC address of your NIC. So if the universities method for identifying that you have a router is by identifying the OUI in the MAC address, then they would never know.
BTW, you could have also manually changed the MAC of your router and accomplished the same thing.
But if they are using more sophisticated methods of identifying a router is in use, then this approach wouldn't be of any benefit.
ASKER
I need to make a recommendation to his father. In your personal opinions, should I strongly suggest _against_ any sort of router usage? He works in systems administration for large networks which made this router ban particularly perplexing to him in particular. I stopped him from calling the school directly in favor of the experts here at EE.
Off the record, there's absolutely no chance this guy or his kid would wrongly configure a router. They live and breathe networking.
It makes sense that the network operators at these schools would ban the use of network devices such as routers. Dumb users make feedback loop connections and mis-configurations ridiculously common.
Is there ANY possibility (assuming mis-configuration is impossible and assuming the "cloned" network device would never appear simultaneously with a cloned router MAC) for the router to have a negative performance impact on the network?