Child pages
  • Tufts Guest Wireless (Unregistered Devices)
Skip to end of metadata
Go to start of metadata

Overview

The Guest Wireless Service is intended to provide wireless network accessibility to university guests. This new wireless network, (SSID:  tufts-guest) does not require advanced registration.  The network is provided for visitors and short-term guests (e.g. conference attendees, visiting lecturers, non-student, residents). The Tufts guest network has limited access to the Internet and our internal resources with more stringent bandwidth and lease duration settings than wireless for registered devices.

Limited Access

The Tufts guest wireless network is separated from the rest of the Tufts network with private addressing space (i.e. 130.64 is not in-use).  This service will provide general network connectivity (web browsing, web email, vpn, etc.) similar to commercial hotspots.

How to Connect

It is easy to connect to the Tufts guest wireless network, as it is intended to be a public service to visitors on our respective campuses.  A wireless device should see the wireless network SSID: tufts-guest and be able to connect instantly.

Technical Service Description

  • This new SSID (tufts-guest) will be "open" to wireless clients like other public wifi hotspots and registration will not be required.
  • There will be no restrictions for wifi protocol, as it will offer 802.11a/b/g/n (n where available) to Guest wireless users.
  • This service is intended to allow "open" client guest access, and as such there will no tie in to the TUNIS/Host Registration System to the Guest Wireless infrastructure. The wireless controllers will be directly providing IP address assignment through DHCP, and these addresses will be inaccessible in the Proteus and Host Registration systems.
  • Users wishing to access secure university assets, should continue to use the Tufts full wireless service via SSID "tuftswireless".
  • Since the wireless controller will be performing NAT between the client and the rest of the network including the Internet, no inbound services will be available to guest users.
  • Each device will have its bandwidth limited to 5Mbps download and 1Mbps upload.
  • Only a subset of IP Ports and Protocols will be allowed out the wireless controller to the rest of Tufts and the Internet (see chart).

Network Ports Allowed On Guest Wireless Service (SSID: tufts-guest)

Protocol

Port

Description

tcp

21

FTP—control (command)

tcp

22

Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding

tcp

53

Domain Name System (DNS)

udp

53

Domain Name System (DNS)

tcp

80

Hypertext Transfer Protocol (HTTP)

tcp

88

Kerberos—authentication system

udp

88

Kerberos—authentication system

udp

123

Network Time Protocol (NTP)—used for time synchronization

tcp

143

Internet Message Access Protocol (IMAP)—management of email messages

tcp

389

Lightweight Directory Access Protocol (LDAP)

tcp

406

Interactive Mail Support Protocol

tcp

443

HTTPS (Hypertext Transfer Protocol over SSL/TLS)

tcp

444

SNPP, Simple Network Paging Protocol (RFC 1568)

tcp

446

DDM-RDB

tcp

447

DDM-RFM

tcp

465

URL Rendesvous Directory for SSM (Cisco protocol)

udp

500

Internet Security Association and Key Management Protocol (ISAKMP)

tcp

587

e-mail message submission (SMTP)

tcp

636

Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

tcp

993

Internet Message Access Protocol over SSL (IMAPS)

tcp

995

Post Office Protocol 3 over TLS/SSL (POP3S)

tcp

1494

Citrix XenApp Independent Computing Architecture (ICA) thin client protocol

tcp

1723

Microsoft Point-to-Point Tunneling Protocol (PPTP)

tcp

1863

MSNP (Microsoft Notification Protocol), used by the .NET Messenger Service and a number of Instant Messaging clients – MSN Instant Messanger

tcp

3389

Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT)

tcp

3653

Tunnel Setup Protocol

udp

3653

Tunnel Setup Protocol

tcp

5000

VTun—VPN Software

tcp

5050

Yahoo! Messenger

tcp

5190

ICQ and AOL Instant Messenger

tcp

5222

Extensible Messaging and Presence Protocol (XMPP) client connection --Google Talk (Jabber)

tcp

5223

Extensible Messaging and Presence Protocol (XMPP) client connection over SSL

tcp

5900

Virtual Network Computing (VNC) remote desktop protocol (used by Apple Remote Desktop and others)

tcp

8444

FireScope Management Interface.

tcp

10000

NDMP, Network Data Management Protocol.

ah protocol

 

Authentication Header

esp protocol

 

Encapsulating Security Payloads

gre protocol

 

Generic Routing Encapsulation