Cornell University Cornell Information Technologies

802.11 Wireless (WiFi) Data Network Operation Requirements

These operational requirements apply to any 802.11 wireless device that provides access to Cornell's data network, regardless of University office or University funding source.

1. All 802.11 wireless devices must comply with all relevant University Policies.
• http://www.cit.cornell.edu/oit/PolicyOffice.html
• NOTE: Installation sponsors are obligated to understand these policies and to assure the installed network is in full compliance.
2. In cases where multiple 802.11 wireless networks conflict, preference will be given to CIT production wireless services.¹ NCS staff will be made available to help engineer non-conflicting services when technically possible.
3. At this time all 802.11 services must provide a WPA and/or WPA2 security mechanism. Until further review, non-secure services may also be provided if they are provided in parallel with the WPA/WPA2 service and adequate end user notification of risks is clearly promulgated. Use of any alternative security strategy requires the written approval of the IT security office.
4. No wireless access point may operate without being registered² and all devices must broadcast identifying SSID(s). In addition, all system³ SSIDs must be unique and appropriate, and are subject to review and approval by CIT.
5. Wireless systems⁴ that do not restrict total access to fewer than 20 devices and/or systems allowing unregistered guest devices to attach also require:
• A written service description and support plan to be approved by the IT Security Office, NCS and the Office of the Vice President for Information Technologies.

Compliance Monitoring:

Upon CIT being notified of compliance violations, device owners will be contacted using established security notification processes. NCS and the IT Security Office will work in partnership with the device owner to rectify the operational and security concerns.

 

---

¹ 802.11 wireless networks use shared public radio spectrum. In cases of spectrum conflicts (cordless phones, lab equipment, etc.) every effort should be made by impacted parties to amicably address interference problems. In cases where consensus cannot be achieved, the Vice President for Information Technology will convene a wireless spectrum arbitration committee for final recommendations.

² Registration will require: SSID names, responsible party and relevant contact information, sponsoring university office / department, location of network, and MAC/IP address for Access Points.

³ A system may be a wireless service comprised of more than one access point.

⁴ Divisions using multiple Access Points are still subject to the total "system" limitation of 19 supported devices. Contrived configurations, such as the use of multiple APs and SSIDs to work around the 19 device rule, are not allowed. When in question, NCS will be the final authority on judging a "system's" size.

Related Links

• IT Security Office
• IT Policy Office
• Office of Information Technologies