i If you are not redirected automatically, follow the link to Network Policies
SLAC logo Policy and expectations for the SLAC Visitor and Wireless networks. Network logo
Les Cottrell Page created: February 11, 2002. Last Update: 21 November, 2011 (Les Cottrell). Version 1.2
SLAC Welcome
Highlighted Home
Detailed Home
This page provides the policies and expectations for the Visitors subnet at SLAC.

General guidelines for all SLAC subnets

Visitor subnet

For more on the Visitor's network, see: The SLAC Visitor Network.
  1. The Visitors subnet is located outside the SLAC firewall. Thus its security is the same as connecting to an ISP. It is the responsibility of users of the Visitors subnet to protect their communications, e.g. by using a Virtual private Network (VPN). Do NOT use applications (such as POP/IMAP/FTP/telnet) that will put unencrypted passwords onto the network.
  2. The Visitors subnet is meant for light casual use, including mobile SLAC user, visitors such as occasional collaborators, conference/meeting attendees, vendor demonstrations, and people not registered at SLAC.
  3. We monitor the utilization of the Visitor subnet looking for capacity issues, so we can add more capacity when needed. We also scan it for vulnerabilities such as unencrypted passwords.
  4. Like other networks at SLAC, the Visitor network receives best effort service. If a critical problem is reported we will try and address the issue in a timely fashion. Priority for addressing problems will naturally go to networks which are more critical to the SLAC mission.
  5. The Visitor subnet is different from other subnets:
  6. Given the above caveats, do not place mission critical applications on the Visitor subnet.
  7. SLAC supported printers can be accessed from the visitor's subnet using printserv.slac.stanford.edu (alias lpd01), see Printing using LPR in Windows.
  8. Hosts on the visitor network that are seen as possible 'scanning hosts', including those that might be running SKYPE as a supernode (or some other P2P software) will be put in the penalty box and have their network speed and throughput drastically reduced.

Wireless access policy

Anyone interested in deploying: must contact SLAC Networking (email to net-admin with the relevant information) before initiating any such purchases or starting any SLAC 802.11 deployment planning.

Mission critical applications must use the wired network.

Currently Wireless Access Ports (WAPs) are only placed on the Visitor subnet and so fall under the policies and expectations above.

WAPs for new installations are funded from group/department budgets. After purchase, the WAPs are owned, configured, supported and maintained centrally.

Discussion on wireless access

Since the available wireless spectrum is shared, it is inherently impossible to guarantee performance and reliability levels for wireless networking. Furthermore higher priority will be given to supporting the wired network since it supports mission critical applications (see above).

Dedicated resources are needed at SLAC to support surveys of wireless strengths by location, trouble-shooting, new installation planning and spectrum optimization. Other items to be aware of include:

It is thus critical to: For more information on the wireless network see: Wireless Networking at SLAC.
[ Feedback | Reporting Problems ]
Owners: Les Cottrell and Antonio Ceseracciu