Computer Laboratory

The CL network

The CL network

Wireless network not shown, System Research Group network not shown, PABX no longer used.

What the network looks like

a switchThe Computer Lab network is connected via a router to the Cambridge University Data Network (CUDN). This has a connection to the Joint Academic NETwork (JANET), and thence to the Internet as a whole.

Our router also acts as a central switch – it has fast connections to a filestore and various other machines, and also connects to a set of switches distributed around the building. There are one or more switches in each of the 6 wiring closets on each floor. Each connection on the switches is connected to a patch panel, and the patch panel also has connections into all of the offices (this is known as structured wiring).

So, the network appears in offices as a set of 4 RJ45 sockets (ie similar to those used by telephones) in the floor boxes which also house power sockets. A few areas without false floor have the sockets presented on wallplates instead.

Similar technology and much of the same wiring network is also used for office telephones.

There is also a wireless network which is intended to be available throughout the building.

We also have a few direct links to our router e.g. to Microsoft Research.

... and how to connect to it from outside

See How to connect to the Lab at the IP level and How to SSH into the Lab.

Structured wiring

The RJ45 sockets in the floor boxes are not enabled by default – the wires from the sockets lead back to patch panels in a number of wiring closets and the connections within those patch panels need to be set up by a system administrator.

Please do not rearrange connections to sockets yourself:

  • a connection may not be enabled on the socket you plug into.
  • a connection of the wrong sort (ie telephone) could be enabled on the socket you plug into (and this is potentially damaging to the equipment).
  • a connection may be enabled on the socket you plug into, but it may be to the wrong VLAN (see below).
  • fault finding is difficult if our documentation concerning what is connected where is out of date.

If you need a socket enabled we have a web form for you to fill in – go to Request a network connection and fill in the details requested.

If you no longer require a connection could you remember to email sys-admin so that the switch port can be reused.

Note that we do not wish hubs or local switches to be connected to the floorbox sockets.

The wireless network

There are several wireless networks available in the William Gates Building. For full details see Wireless Networks available in the Computer Lab.

The (802.11b/g) wireless network is intended to be available throughout the building. There are currently 22 access points. The physical access points provide more than one logical network, so there are different ESSIDs for different purposes. At the moment wireless lan connectivity is only available to staff and research students.

If you wish to request a connection go to our web forms page – select Request a network connection and fill in the details requested.

The Computing Service have a wireless service called Lapwing. This is visible in the William Gates Building in addition to the areas mentioned on their web page.

We also have a courtesy wireless internet service for visitors to the building without the AUP constraints of the CUDN and JANET.

VLANs

We operate several VLANs (Virtual LANs) on top of our physical network. This is mainly for security purposes. Thus a switch connection needs to be placed in the correct VLAN or the machine will not be able to connect correctly.

Although there are several dozen VLANs in total, only a handful of them are routinely used for desktop machines. Some of the larger research groups have their own VLANs. However most people will only meet two – the primary departmental network for managed machines and the one for unmanaged user machines. Traffic between VLANs passes through the central router, which may impose access restrictions.

The CUDN and JANET

All the machines in the Computer Laboratory are used subject to the conditions of the University Information Strategy and Services Syndicate (ISSS). In particular use of the CUDN connection implies acceptance of the JANET Acceptable Use Policy. One major consequence of this is that commercial use of the network is explicitly banned. Another (indirect) consequence, specifically of the ban on the creation or transmission of material which is designed or likely to cause annoyance, inconvenience or needless anxiety, is that SMTP is blocked, see Mail relaying for details.

You should also be aware that the department is charged real money for traffic that goes to and from sites outside the University. For most normal research requirements this need not concern you as the charges are covered centrally. Excessive network use is likely to be noticed and investigated. See the Computing Service page on Usage charging for network traffic for details.

The .al network

In order to make provision for user-owned machines, usually laptops, we operate an "alien" network. This is a network for machines which from the point of view of the main lab network behave as if they were on the CUDN but outside the lab. In other words, untrusted user-managed machines placed in their own subdomain, *.al.cl.cam.ac.uk.

It not intended for running services, and is offered on a "best efforts" basis, ie we will try to help with any problems as best we can, but make no promises and will not make it a priority. It is not integral to the functioning of the department.

Concerning external access, what we offer as a policy may be summarised as:
Outbound – maximum safe
Inbound – minimum necessary
(where inbound and outbound refer to the conceptual direction of initiation of the connection rather then the physical direction of individual packets.)

What this means is you get a dynamic address, DNS, DHCP, very restricted incoming, SMTP only via our MTAs, most outgoing. The external access restrictions are necessary because we are held responsible for the activities of machines using our IP addresses.