this post was submitted on 07 Sep 2024
471 points (92.7% liked)
Technology
59689 readers
3753 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Not all that surprising. I don’t know of any network manager who’d happily allow rogue routers on their network, particularly if you still have it configured as a DHCP device and not a pass through device, which most college students do not consider and will very much disrupt campus network performance.
Why does the dhcp on the router affect the main network? I'd think if it has its own network the main network would only need to deal with the router, as opposed to all the devices connected to the router if it was passthrough?
Ah! I just saw you specified if it’s configured for pass through. If it is configured for pass through, then yeah it likely won’t cause issues on the network. The DHCP server is the critical bit.
From a network management perspective, though, they still won’t want these because you have to trust all these college students are going to properly configure their devices - most of them won’t know how and won’t bother figuring it out. And then you still have the issue of a bunch of unmanaged access points to your network, which is just poor security.
Yeah a simple little unmanaged switch would solve all these issues for about $20 and probably wouldn't break the ToS.
Yeah. I think OP’s issue is they may have a few devices that are wireless only. Not sure of the best way to handle those.
Ah yeah just saw they specifically want to connect a VR headset wirelessly. I'm not real sure how to approach that either, if there's any kind of port on the headset at all they could potentially adapt it to RJ45 but that defeats the whole point.
If a wireless connection is a must OP is just going to have to disable SSID broadcast, restrict it to certain MACs, and try to lock it down as much as possible and hope for the best. If they do it right it'll won't interfere with other devices and no one will ever know.
I didn't, that's just bad grammar. Edited the comment
Because that router will be broadcasting DHCP signals and offering IPs, conflicting with the authorized DHCP servers on the network. This wiki article will probably explain it better. I’m not so good with the words a such.
Here’s hoping these downvoters aren’t in charge of any networks. Not really sure what part of “a router is a DHCP server” you geniuses don’t understand.
A consumer router only operates DHCP on the LAN side. Presumably one would plug the WAN side into the university network, making this a non-issue.
Some of my other replies address that. Worked in IT on a college campus, and every class will have at least a few clueless users who just plug the cables into the LAN ports.
Makes sense. Would that not be trivially mitigated by just blocking dhcp responses from unapproved servers on the switch though?
Should be, yes. At that point it’s a question of how well the network was configured. I’d hope this wouldn’t be much of an issue these days - I did graduate from college in 2011, and I’m sure (hopeful) campus networks have improved since my student IT job days. These days my router config experience is from the ISP side. The only private network I’m responsible for is my own, thankfully!
I went to college in the mid-late 2010s and I recall they specifically banned WiFi routers, but when I checked what they meant specifically all they cared was that it didn’t broadcast on the 2.4 or 5 ghz spectrum and if it was all wired I was fine.
Definitely makes sense - security concerns aside, the less crowded the broadcast space, the happier all the APs are.
I don't know much about networking but that page seems to be about someone else setting up a dhcp server without the knowledge of the administrators or the users. In op's case the concerns about mitm attacks don't apply and the other concerns sound like problems that could arise in cases of misconfiguration or if the users aren't aware they're connected to a different network. I also couldn't see anything about it affecting the main network's performance
I mean, it’s all right there in the first two paragraphs. Keep in mind that by DHCP server we aren’t talking about something specifically set up by people with malicious intent. A home router is a DHCP server when not configured for pass through. Students who don’t know how routers actually work (we can’t all be IT nerds, lol) plug them into their dorm Ethernet jack, and now you’ve got an unauthorized device offering IP addresses that conflict with the authorized DHCP servers, which can quickly start causing issues with any new devices trying to connect to the network, and existing devices as their DHCP leases expire. Also keep in mind that we’re talking about a college network that will likely have local network resources for students like shared drives that would not be accessible to anyone connecting through the rogue device. Your IT department will quickly start getting complaints about the network that are caused by an access point you have no control over.
I see, I thought routers knew not to do dhcp on the Wan port
Typically they do. Which is great until you get a student who doesn’t understand WAN vs LAN and plugs both connections into the LAN ports. Never underestimate the power of a Stupid User.
They do know enough to not send DHCP leases upstream..
If you plug the dorm ethernet jack into the LAN side of a consumer router, there's a chance they don't.
Sure, you can catch this if you watch the dhcp leases your router is handing out, but..
I'm assuming OP is at least smart enough to know that the port that's on its own/a different color/somehow different from the others is the one that goes into the wall. It sounds like they have at least that level of competence.
I’m sure OP is given the more technical nature of Lemmy users. But this thread is about the average college student with no networking knowledge.
ETA: Sorry that I specified you weren’t talking about the same thing the rest of us were in this thread.
Which is all well and good until you get someone who plugs both connections into the LAN ports.
Downvoting just because I pointed out a scenario you didn’t think of isn’t so classy.
No. I'm downvoting because your first comments stated it will happen if the router is set up to offer leases. Not that it could happen if a user ignores the quick start guide that says "plug this port into the wall." Then got all pissy with that other guy who pointed out that your article was about DHCP servers, not routers.
I’m not getting pissy about anything. That’s projection on your part, reading a tone that wasn’t there. Just because you’re in a bad mood today doesn’t mean the rest of the internet is.
I'd be happy to set my device to passthrough mode, but I think the ISP prevents peer-to-peer connections (which my laptop would make to the VR headset) unless you buy one of their plans for Chromecast/smart TVs. Would that prevent it from working? And would I still be able to connect multiplw devices despite their one-device limit?
It’s hard to say without knowing all the details of how the college configures their network. Back when I was in college, I had a student job with the campus’ IT department, and students running into issues getting all their devices connected was a regular issue at the start of every year.
The main problem with most college networks is that you’ve typically got an enterprise setup that’s also having to double as home internet service for those living on campus. Depending on when the network was built it was likely only planning for students to have a laptop, maybe a desktop too, as opposed to modern times when just about every electronic device has an internet connection.
Some things just may not work like they did at home.
That's fair yeah. In my case the dorms are a separate unrelated company from the uni (they just have a partnership) and the ISP is yet another third party that did the install and sells extras to each student. I think it's pretty scummy since I read my whole dorm contract and it never said this would be a condition to the "free fast wifi" access.
Is there a limit to the number of devices allowed to connect that this rule is trying to enforce?
Either way, if the vr headset doesn't need internet connection you could connect your computer to the internet wirelessly and to your own router via cable for vr.
Eww, yeah, that sounds like a crappy setup to milk more money from students with no other option - especially if you’ve got student aid requiring you to live in school housing.
You may want to see about getting your own wireless carrier internet service. Not the best solution, but at least it would be yours and unrestricted.
I'm only staying for a semester (via Erasmus, or what remains of it post-Brexit) so while I did consider this I don't think it's very viable.
Fair enough. My recommendation would be set the router to pass through and see if it works. Just secure the wireless network created by your AP - be a responsible network policy violator!
I don’t really have any other ideas that wouldn’t involve additional hardware, which doesn’t make much since give the short time you’ll be there.