Engineering Computing report to CNAG November 2004
- Spanning Tree - Spanning tree protocol was re-enabled on all
of our switches in July 2004. Although we do not have any redundant
links within the network, spanning tree is still useful to protect
against human error. A script was also developed to consult the ona
database and set Cisco's faststart spanning tree setting
on all single client ports (and ensure the setting was off
on all trunk ports). This script can be run for other departments'
Cisco switches on ona, upon request. ona has been modified to
automatically add a new vlan to the default spanning tree "s0"
when it creates a new vlan on an Extreme switch, as the default on
BD, Alpine and si switches is to leave spanning tree disabled on
new vlans.
- Audio Visual and classroom1net - (See October Report). Staff from
AV, IST, SciComp, CSCF and EngComp met October 19 and concluded that
trunking the existing classroom1net from the IST core into Eng, Sci,
and DC was the preferred solution. To keep the procedures for
installing AV equipment simple, Engineering Computing will:
  - Deliver, upon request, classroom1net to any ona-managed,
    vlan-capable switch (which has spanning tree enabled).
  - If no such switch is available in the area needed, EngComp will
    install one.
- AV VBrick (also see May 2004 CNAG minutes) - Security settings on
Nexus Windows XP machines block the streaming video. Rob Schmidt of
IST has determined the ports needed for Quicktime streaming. Once
these ports were opened on the workstation, EngComp staff were able
to watch a test video that AV was playing. A Darwin Streaming Server
(see install docs) is also running, to permit further testing without
having to ask AV to run the VBrick. A test video is here for the
short term. Note that only unicast tests have been done to date.
- Wireless - A remote who and kickoff feature was added to the
Network Authentication Appliance (NAA) to permit IST to map client
IP address to userid in real time, and optionally disconnect systems
showing evidence of port scanning etc., based on analysis of network
flow data, etc. This will help streamline the process of detecting,
notifying, disconnecting and blacklisting compromised wireless
clients. This will augment the existing automated intrusion detection
supported by the NAA.
- qos and multicast assessment - (See October Report). Planning to
test some multicast and qos applications in a controlled environment.
In the meantime, some baseline latency/jitter/loss data is being
collected here.
- Extreme equipment failures in DC - (See October Report).
Discussions continue with Extreme.
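
The flow-based port-scan check described in the Wireless item, sketched as an added example (not the NAA's or IST's code). The flow tuple layout, the 60-second window, the threshold of 30 distinct targets and the SAMPLE_WHO table standing in for the remote who lookup are all assumptions.

```python
from collections import defaultdict

def make_sample_flows():
    """Constructed flow records (unix_time, src_ip, dst_ip, dst_port); not real data."""
    flows = []
    for i in range(40):
        # 10.0.0.5 probes 40 different ports on one host within 40 seconds
        flows.append((1000 + i, "10.0.0.5", "10.1.1.1", 1 + i))
        # 10.0.0.7 is an ordinary client reusing two services
        flows.append((1000 + i, "10.0.0.7", "10.1.1.2", 80 if i % 2 else 443))
        # 10.0.0.9 reaches many ports too, but spread over several hours
        flows.append((1000 + i * 600, "10.0.0.9", "10.1.1.3", 1 + i))
    return flows

# Hypothetical stand-in for the remote who lookup (client IP -> userid).
SAMPLE_WHO = {"10.0.0.5": "user_a", "10.0.0.7": "user_b"}

def find_scanners(flows, window=60, threshold=30):
    """Return {src_ip: peak count of distinct (dst, port) targets} for sources
    that reach `threshold` distinct targets inside any `window`-second span."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        by_src[src].append((ts, (dst, port)))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start, best = 0, 0
        counts = defaultdict(int)  # target -> occurrences inside the window
        for ts, target in events:
            counts[target] += 1
            # Slide the window: drop events older than `window` seconds
            while events[start][0] <= ts - window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= threshold:
            flagged[src] = best
    return flagged

def kickoff_candidates(flows, who, **kw):
    """Pair each flagged IP with its userid; None means no known session."""
    hits = find_scanners(flows, **kw)
    return sorted((ip, who.get(ip), n) for ip, n in hits.items())

if __name__ == "__main__":
    print(kickoff_candidates(make_sample_flows(), SAMPLE_WHO))
```

Counting distinct targets inside a sliding window, rather than per day, keeps the slow but busy client (10.0.0.9 in the constructed data) from being flagged alongside the burst scanner.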