Engineering Computing report to CNAG November 2004

• Spanning Tree - Spanning tree protocol was re-enabled on all of our switches July, 2004. Although we do not have any redundant links within the network, spanning tree is still useful to protect against human error. A script was also developed to consult the ona database and set Cisco's faststart spanning tree setting on all single client ports (and ensure the setting was off on all trunk ports). This script can be run for other departments Cisco switches on ona, upon request. ona has been modified to automatically add a new vlan to the default spanning tree "s0" when it creates a new vlan on an Extreme switch, as the default on BD, Alpine and si switches is to leave spanning tree disabled on new vlans.
• Audio Visual and classroom1net - (See October Report). Staff from AV, IST, SciComp, CSCF and EngComp met October 19 and concluded that trunking the existing classroom1net from the IST core into Eng, Sci, and DC was the preferred solution. To keep the procedures for installing AV equipment simple, Engineering Computing will:
  • Deliver, upon request, classroom1net to any ona managed vlan capable switch (which has spanning tree enabled).
  • If no such switch is available in the area needed, EngComp will install one.
• AV VBrick (also see May 2004 CNAG minutes) - Security settings on Nexus Windows XP machines block the streaming video. Rob Schmidt of IST has determined the ports needed for Quicktime streaming. Once these ports were openned on the workstation, EngComp staff were able to watch a test video that AV was playing. Also running a Darwin Streaming Server (see install docs) to permit further testing without having to ask AV to run the VBrick. A test video is here for the short term. Note that only unicast tests have been done to date.
• Wireless - Remote who and kickoff feature added to the Network Authentication Appliance (NAA) to permit IST to map client IP address to userid in real time, and optionally disconnect systems showing evidence of port scanning etc, based on analysis of network flow data, etc. This will help streamline the process of detecting, notifying, disconnecting and blacklisting compromised wireless clients. This will augment the existing automated intrusion detection supported by the NAA.
• qos and multicast assessment - (See October Report). Planning to test some multicast and qos applications in a controlled environment. In the meantime, some baseline latency/jitter/loss data is being collected here
• Extreme equipment failures in DC - (See October Report). Discussions continue with Extreme.