Computing at Cornell Resources for Technical Support Providers

Network Registration Support for Cornell Visitors

Information for Network Administrators

See related information for visitors and departments hosting visitors.

I. Host registrations for a visitor

A host registration may have an e-mail address listed as the owner. There are three restrictions:

  1. There must be visitor information on file about the e-mail address (see below).
  2. A visitor's e-mail address may not be a cornell.edu e-mail address.
  3. The host registration must have an expiration date set.

II. Visitor registry

A registry of visitor e-mail addresses is kept, including every e-mail address listed as the primary user of a computer. Each entry includes the following information:

  • Name
  • E-mail address
  • Cornell department or unit visited
  • Length of visit
  • Purpose of visit
  • Date of data entry
  • Source of data (netid, etc.)

Currently, the information is retained for one year beyond the expiration or removal of any host registered to the visitor. Thus, a NetAdmin need not constantly reregister returning visitors in order to reregister their computers.
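The three restrictions in section I and the one-year retention rule above can be checked together before a host is filed. The following is an added example, not code from DNSDB or CIT: the registry layout, the function names and the sample addresses are constructed, and treating subdomains of cornell.edu as Cornell addresses is an assumption.

```python
from datetime import date, timedelta

RETENTION = timedelta(days=365)  # "one year beyond the expiration or removal"

def is_cornell_address(email):
    # Assumption: subdomains such as cs.cornell.edu count as cornell.edu.
    domain = email.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    return domain == "cornell.edu" or domain.endswith(".cornell.edu")

def visitor_on_file(registry, email, today):
    """True if the registry still holds a record for this visitor.

    registry maps a lower-cased e-mail address to the date the visitor's
    last host registration expired or was removed, or None while a host
    is still registered (constructed layout, not the DNSDB schema).
    """
    key = email.strip().lower()
    if key not in registry:
        return False
    last_end = registry[key]
    return last_end is None or today <= last_end + RETENTION

def check_visitor_host(owner_email, expires, registry, today):
    """Return the restrictions a visitor-owned host registration violates."""
    problems = []
    if not visitor_on_file(registry, owner_email, today):
        problems.append("no visitor information on file")
    if is_cornell_address(owner_email):
        problems.append("owner is a cornell.edu address")
    if expires is None:
        problems.append("no expiration date set")
    return problems

# Constructed sample data.
TODAY = date(2024, 3, 1)
REGISTRY = {
    "pat@example.org": None,               # host currently registered
    "lee@example.net": date(2023, 6, 15),  # last host ended under a year ago
    "old@example.com": date(2022, 1, 10),  # retention period has lapsed
}
```

A returning visitor such as lee@example.net passes the registry check without being re-entered, while old@example.com has to be registered as a visitor again first.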

III. NetAdmin's free hand

The registry requires certain information fields, but empowers NetAdmins to manipulate a visitor's information rather freely. For example, if one NetAdmin has registered a visitor's information, any NetAdmin across campus can update that visitor's information. This empowers NetAdmins to maintain data regarding visiting individuals who are using the facilities of multiple departments, etc. However, "replaced" visitor information is not overwritten: it is kept in a log, and each update is attributed to the NetAdmin who made it.

IV. Self registration for visitors

NetAdmins can choose to keep visitor registration for their subnets in their own hands, or to allow visitor self-registration, which enables visitors to come and go with no NetAdmin intervention. In all cases, NetAdmins receive the normal notification of host registrations and changes.

Two approaches to visitor systems:

  1. A local NetAdmin always registers guests directly in DNSDB, and does not want any other guests on the department's network(s).
    • Visitor Pool Access set to NO.
    • Could still have a dynamic pool that accepts regular CU registrations.
  2. Otherwise
    • Visitor Pool Access set to YES.
    • In conjunction with a dynamic pool, this means that any computer with a regular or visitor registration will have access, even if the initial registration was on another subnet.
    • If you want anyone to be able to self-register as a visitor, leave Visitor Registration Passcode blank.
    • If you want to regulate who can self-register as a visitor, set a Passcode and distribute appropriately.
    • If you want to allow visitors, but not allow registration on the subnet, set a Passcode and don't distribute it.

Typical scenario for self-registration:

  1. Visitor gets on, is prompted with Cornell Network Registration.
  2. Visitor fills out information; information about the visitor and their computer is filed, and the network is reconfigured.
  3. Visitor reboots, gets on network in normal fashion (no longer prompted for Cornell Network Registration).
  4. Visitor freely uses network (available until midnight that night).
  5. Visitor receives confirmation notice, with URL.
  6. Visitor uses URL to confirm their registration.
  7. At this point, the visitor can use their computer for the time they specified when they registered, up to three weeks.
  8. The registration expires.

Keep in mind that NetAdmins are empowered to register computers for visitors, and set expiration dates at any interval required.

V. Subnet options controlling visitor access

A subnet controlled by CIT DHCP has the following options, displayed and set on the DNSDB subnet page.

  1. Visitor Pool Access: no | yes
    allow/disallow visitor access to the subnet.
    For example, if the subnet has a dynamic pool that allows 'known' addresses, and this option is set to yes (allow), then a computer registered to a visitor (i.e., the primary user is indicated by an e-mail address) can use the pool. If it is set to no (disallow), such a user will be treated as 'unknown'.
  2. Visitor Reg Passcode: passcode
    This field is only visible to the NOC.
    If visitors are allowed, and the subnet has a registration pool, then visitors can register, under the control of the subnet's passcode. Setting a passcode means a visitor cannot self-register without it, allowing departments to select who they allow to register. If no passcode is set, registering visitors are not prompted for a passcode and anyone can register as a visitor.
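How the two subnet options combine, including the three passcode cases listed in section IV, can be written as a small decision model. This is an added example, not CIT DHCP or DNSDB code: the class, function names and passcode value are constructed, and the model assumes the subnet has a dynamic pool that allows 'known' addresses.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Subnet:
    visitor_pool_access: bool          # "Visitor Pool Access: no | yes"
    passcode: str = ""                 # "Visitor Reg Passcode"; blank = none set
    has_registration_pool: bool = True

def pool_treatment(subnet, owner_kind):
    """How the dynamic pool treats a host: 'known' or 'unknown'.

    owner_kind is 'regular' (regular CU registration), 'visitor' (primary
    user recorded as an e-mail address) or None (host not registered).
    """
    if owner_kind is None:
        return "unknown"
    if owner_kind == "visitor" and not subnet.visitor_pool_access:
        return "unknown"   # visitor registrations are not honoured here
    return "known"

def may_self_register(subnet, supplied=None):
    """Whether a visitor self-registration attempt is accepted on this subnet."""
    if not (subnet.visitor_pool_access and subnet.has_registration_pool):
        return False
    if subnet.passcode == "":
        return True        # no passcode set: the visitor is not prompted
    if not supplied:
        return False
    # Constant-time comparison so response timing does not reveal how much
    # of a guessed passcode was correct.
    return hmac.compare_digest(supplied.encode(), subnet.passcode.encode())

# Constructed subnets mirroring the configurations described in section IV.
CLOSED = Subnet(visitor_pool_access=False)   # NetAdmin registers all guests
OPEN = Subnet(visitor_pool_access=True)      # anyone may self-register
GATED = Subnet(visitor_pool_access=True, passcode="constructed-passcode")
```

With GATED, a visitor registered elsewhere is still treated as 'known', but nobody without the passcode can self-register on the subnet, which is the "set a Passcode and don't distribute it" case.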

VI. Tools for NetAdmins

  • visitor.cgi - create/edit an entry, or search for one by e-mail.
  • visitors.cgi - list all visitors.
  • confirmations.cgi - list all outstanding confirmation "offers" to visitors. With this page, a NetAdmin can confirm the visitor's information, with identical results to the visitor's own confirmation, i.e., up to three weeks use of their computer.