ECE Sysadmin Wiki

User Tools

Site Tools

Trace:
userdoc:find_nw_info

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
userdoc:find_nw_info [2008/10/22 16:40] pralluserdoc:find_nw_info [2021/06/10 10:28] (current) prall
Line 1: Line 1:
 +====== ECE Computer Network information ======
 +
 +The ECE department operates our own large and complex wired computer network, with over 20 class C subnets, about 2500 network outlets, and more than a thousand client computers in six buildings.
 +
 +As you can imagine, this is a lot to keep track of. We ask the cooperation of all network users for some simple courtesies:
 +
 +  * Please use only the network address assigned to you by our network staff.
 +  * Never re-assign IP addresses between machines. 
 +  * Never guess new IP addresses by trial and error! 
 +
 +For computers on Tier-1 **and** Tier-2 networks **you must not select your own IP address; you have no way of knowing if we have assigned a specific IP address to another computer!**
 +
 +Guessing IPs usually leads to other innocent users experiencing interruptions to their network access when your wild guess collides with their legitimate, officially assigned IP address. 
 +
 +Please send email to ECEhelp ( //ecehelp at ece.utoronto.ca// ) ...
 +  * when you need to relocate a computer to a different network outlet,
 +  * when you receive a new computer that you want to connect to the network,
 +  * when a computer now on the network is being taken out of service.
 +
 +
 +===== Appropriate Use of Information and Communication Technology =====
 +
 +Use of the network is subject to University policies and regulations. Terms of use and access are spelled out at our
 +[[userdoc:policies|policies page]].
 +
 +
 +===== How to find your IP and MAC address =====
 +
 +At times we may ask you to find the "MAC address" of your computer's network interface (this is nothing to do with Apple Macintosh - it's an acronym). To find the MAC address on a Windows PC:
 +
 +  * In the Start menu, choose "Run"
 +  * In the Run box, type "cmd" and press ENTER
 +  * at the command prompt, type "ipconfig -all" and ENTER
 +  * in the response, find the section for "fast ethernet" or "gigabit" (for your wired interface); note the 'physical address' which is in the form 00-01-23-4a-5b-6c.
 +  * if you have a laptop, it may also have a wireless interface. This has its own separate MAC address. For this, find the section heading that mentions wireless.
 +Include this information in your email to ECEhelp.
 +
 +The output of "ipconfig" will also tell you what IP address your computer is currently using. This may be set manually in the Network properties window, or it can be assigned automatically by our network if you select "obtain address automatically." This is our preferred configuration.
 +
 +If you have MacOSX or Linux, you can find the MAC address at the shell command prompt in a terminal window (Xterm, console, etc.) using the command
 +
 +**ifconfig -a**   
 +(you may have to give the full path **/sbin/ifconfig -a** )
 +Find the section for the wired ethernet card, typically assigned the name "eth0", "hme0" or something else ending in zero.
 +The MAC address should appear in the form 00:01:12:23:3a:4b
 +
 +===== Verifying network connectivity =====
 +
 +If your IP address starts with "128.100" or "142.150" or "142.151", then you are on the UofT network. If it starts with 169, you did not get a network connection and Windows has created a random non-routing address for ad-hoc networking - not useful here.
 +
 +If you are unsure of your network connection, note the "gateway" address in the ipconfig information, and at the command prompt, type:
 +
 +ping 128.100.mmm.nnn
 +
 +using the gateway address. If you get responses from the gateway, your connection is set up properly. If not, and you've confirmed that the cable is connected and the interface shows being "up", then one common problem is if your network port is assigned to a different subnet or "VLAN" than the correct one for your IP address. Contact ECEhelp to resolve this problem.
 +
 +
 +===== Port Security =====
 +
 +Many areas within ECE employ “port security” on the network switches, in which each network port is assigned a limited number of computers which are permitted access, based on their MAC addresses; all other devices are prohibited from connecting via that port. This enables us to ensure that only computers authorized to be on an ECE network are connected. We are in the process of expanding port security to cover more network switches and rooms, with the ultimate goal of applying it on all network ports across the department.
 +
 +===== Firewalls =====
 +
 +We operate a few network firewall systems that secure our departmental computer network resources from the rest of the university (and beyond). These firewalls allow outgoing connections but restrict incoming connections to only designated services on specific hosts, such as our web-servers, mail servers, VPN, and remote SSH access to specific Solaris or Debian Linux servers.
 +
 +There are also separate firewalls in front of the two subnets that have been designated for “Tier 2” self-supported systems, namely 128.100.23.0/24 and 128.100.241.0/24. These subnets are protected from the outside world, but they are topologically “outside” the main firewalls protecting the Tier 1 subnets. This means users on a Tier 2 subnet do not have unlimited access to computers on Tier 1. The connections available are limited to those accessible from outside, plus a small number of exceptions, described below.
 +
 +
 +
 +
 +
 +===== ECE-VPN (ECE Virtual Private Network) =====
 +
 +ECE operates our own departmental firewall between our network and the main UofT backbone network. This blocks all inbound connections with specific exceptions for access to web servers, email, and a limited number of hosts open for SSH or other specific connection types.
 +
 +We also operate our own Virtual Private Network to give access across our firewall from outside. Note that this is a separate VPN than the UTORvpn service operated centrally for all of UofT. Use of UTORvpn gives you access to library and journal subscription resources but does not give access past the ECE departmental firewall -- only our ECE VPN does that.
 +
 +Any research user with current affiliation with ECE may request a login on the ECE VPN - email ecehelp at ece.utoronto.ca and let us know your status and the name of your supervisor.
 +
 +When your VPN account is set up, you may connect to it by following [[http://www.comm.utoronto.ca/~jli| the VPN instructions specific to your O/S version]].  Note that this requires knowledge of a pre-shared secret, which is accessible by faculty and staff on our internal website.  Grad students can ask their supervisor's administrative coordinator to check on their behalf, at [[https://internal.ece.utoronto.ca/it-services/wireless-network-connections/|the ECE internal website]]
 +
 +
 +===== Mapping drives and accessing printers on Tier-1 networks =====
 +
 +Department firewalls will permit computers connected via ECE-VPN to "map network drive" of our ECE unix servers using Samba protocol, and to access Tier-1 printers (for users with login accounts on Tier-1 research group computers).  Instructions for various configurations [[http://www.comm.utoronto.ca/~jli| are available here ]].
 +
 +===== Windows Remote Desktop (RDT) =====
 +
 +Department firewalls will permit computers connected via ECE-VPN to use Windows Remote Desktop to connect to a Windows PC at the university.
 +Here's how to set it up:
 +
 +Here at the university, enable remote access on your Windows PC:
 +  * Make sure your login here has a password assigned; you can't RDT to a login with a blank password
 +  * Check that your account is enabled for remote desktop: right-click on My Computer, choose Properties, and click the Remote tab. If needed, type in your login name, click "check names", then click "Add."
 +  * Record your computer's IP address.  (See [[userdoc:find_nw_info#how_to_find_your_ip_and_mac_address|How to find your IP and MAC address]], above.)
 +From your off-campus computer,
 +  * Begin by connecting to the ECE-VPN, then
 +  * Start the Remote Desktop connection and specify your university PC's IP address as the host name to connect to.
 +
 +
 +===== SSH servers accessible from outside of ECE =====
 +
 +Departmental firewalls prevent unauthorized access to computers within ECE.
 +Only a limited number of Tier-1 computers are accessible via SSH, including:
 +
 +=== COMM ===
 +  * alpha.comm.utoronto.ca
 +
 +=== CONTROL ===
 +  * alfheim.control.utoronto.ca
 +
 +=== EECG ===
 +  * anubis.eecg.toronto.edu
 +  * bastet.eecg.toronto.edu
 +  * ra.eecg.toronto.edu
 +  * seth.eecg.toronto.edu
 +  
 +=== ENERGY ===
 +  * energy.ele.utoronto.ca
 +
 +=== PHOTONICS ===
 +  * comet.light.utoronto.ca
 +  * photonics.light.utoronto.ca
 +  * rocket.light.utoronto.ca
 +
 +=== VRG ===
 +  * mail.vrg.utoronto.ca
 +
 +=== WAVES ===
 +  * emserver.waves.utoronto.ca
 +
 +
 +
 +===== Self-managed SSH servers =====
 +If you are on Tier_2 or Tier_3, you may choose to run an SSH server. You should ensure your system is configured securely, with up-to-date patches for sshd, and have strong passwords for all logins. Consider enabling a security software package such as tripwire, and use iptables if you only need to grant access to specific addresses. 
 +
 +==== SSH to Tier_2 ====
 +
 +For Tier_2, users may specify if they want their own workstations or servers to be accessible via SSH. Email updates to **ecehelp@ece**
 +
 +
 +==== SSH to Tier_3 ====
 +
 +Computers on Tier_3 are "outside" of the ECE firewall and are neither protected nor blocked by it. All Tier_3 IP addresses are open for SSH from anywhere on the internet.
  
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki