<'link rel="Edit-Time-Data" href="./20030521-switch_files/editdata.mso" /> Network Policy 20030922-switch

I. Title

A. Name: Policy on Use of Ethernet Switches at PennNet wallplates

B. Number:20030922-switch

C. Author(s): J. Edwards, M. Wehrle ISC N&T

D. Status: [ ] proposed [ ] under review [x] approved [ ] rejected [ ] obsolete

E. Date proposed: 2003-05-21

F. Date revised:

G. Date approved: 2003-09-22

H. Effective date: 2003-10-14


II. Authority and Responsibility

Information Systems and Computing's Networking organization is responsible for the operation of PennNet (Penn's data networks) and therefore has the authority and responsibility to specify requirements for any devices connecting to PennNet. This authority extends to the device type in the case of networking electronics such as a router, repeater, or switch. It also extends to certain configuration parameters of a device that could adversely impact other parts of the network.

III. Executive Summary

This policy specifies the conditions under which an Ethernet switch may be connected to a PennNet wallplate. It also provides "best practice" recommendations to guide the network user in deploying switches appropriately.

IV. Purpose

The purpose of this policy is to identify the locations and circumstances in which an Ethernet switch may be connected to a PennNet wallplate. While multi-port Ethernet switches can be convenient in providing access to multiple networked devices in locations where only one PennNet wallplate port is available, use of switches in certain situations can cause significant problems (see V. Risk of Non-compliance). This policy allows the network user to take advantage of the convenience of multi-port switches in cases where doing so will not adversely affect the provision of network service to others.

V. Risk of Non-compliance

Improper use of switches can cause significant problems (poor performance, communication failure, etc.) for other users of PennNet. Additionally, it can make troubleshooting the network more difficult and time consuming.

VI. Scope

This policy does not apply to repeaters, which are addressed in the Repeater policy at http://www.isc-net.upenn.edu/policy/approved/19991022-repeater.html.

Restrictions on the use of Ethernet switches apply to all standard PennNet wallplates in locations where ISC N&T provides support. Network wallplates that are provided and supported by organizations other than the University's central networking organization may not be covered directly by this policy. Network users are advised to check with their local LSP if uncertain.

VII. Statement of policy

  1. ISC Networking provides support up to the wallplate only, and therefore will not be responsible for the operation of the switch or any local associated wiring with the LAN(s) unless installed by ISC Networking for specific temporary purposes, such as traffic profiling or troubleshooting.
  2. All switches that are configured with an IP address, including addresses from the non-globally routable ranges, must comply with the Policy on the use of PennNet IP address space at http://www.net.isc.upenn.edu/policy/approved/20000124-ipaddress.html.
  3. Remote network access (i.e. any access other than from the console) to privileged accounts (e.g. root, Administrator) must use Strong Authentication by no later than July 1, 2005.
  4. Switches cannot be connected to more than one point on the PennNet side of the demarcation point as this may have negative service implications within the building network (eg, broadcast storms).
  5. The switch and all associated station wiring must remain in the same room with the physical wallplate.

VIII. Recommendations and Best Practices

The following related practices are strongly recommended by ISC Networking, towards a more efficient network.
  1. All available data ports on wallplates should be activated for PennNet service and put to use before the network user resorts to the use of a switch on that wallplate. Use of wallplate ports rather than switch ports will provide the user with more bandwidth, lower contention, and more advanced features that will become increasingly important as new applications are deployed.
  2. Switches connected to PennNet wallpates should connect no more than twelve (12) devices to a PennNet port connected at 100mbs. Building networks are designed to maximize efficiency and performance based on certain assumptions about network node and traffic density.
  3. Associated wiring should be kept out of walking paths to reduce risks of accident.
  4. The use of switches should not be specified or substituted into a building (re)wiring design, such as in an attempt to reduce the number of wire pulls to a location or office. If there is a need for larger networking coverage areas, consult with ISC N&T before any wiring begins.
  5. Where new wiring centers and pathways are being provided as part of a construction project, an opportunity to install new wiring should always be taken. ISC Networking is responsible for managing all new wiring installations.
  6. Switches that are configured for remote network management access (ie, other than access from the console) should be considered critical hosts and should comply with the critical host policy at http://www.isc-net.upenn.edu/policy/approved/20000530-hostsecurity.html.
  7. To minimize points of failure or compromise, critical hosts should be directly connected to a PennNet wallplate.

IX. Compliance

A. Verification: ISC Networking does not plan to actively police the network in an effort to discover non-compliant switches, but will act on those discovered during the normal course of events in operating and/or troubleshooting the network.

B. Notification: Notification shall be made to the LSP for the area. Whenever possible and practical, the user of the switch-connected node(s) will also be notified.

C. Remedy: Remedy will be the immediate removal of out-of-compliance switches. Interim solutions to retain connectivity may be available through your local computing support and/or ISC Networking.

D. Financial Implications: The network user will be responsible for the costs of any new port activations, new wiring, interim solutions, or switch upgrades, and any charges defined by the troubleshooting policy at http://www.isc-net.upenn.edu/policy/approved/20020827-troubleshooting.html.

E. Responsibility: Responsibility for remedy lies with the network user or the users' department. In the vast majority of cases, the area LSP will have involvement in the implementation of the remedy.

F. Time Frame: Non-compliant connections must be remedied immediately to reduce risk of networking failures for other network users. Interim solutions, which may involve having the network user rent ISC-owned equipment, should be made available by ISC Networking (where possible and with the cooperation of the network user) within 2 business days to allow the network user to continue to receive service. Final solutions should be implemented within 30 days.

G. Enforcement: Please see the Policy on Computer Disconnection from PennNet at http://www.upenn.edu/computing/policy/disconnect.html

H. Appeals: Please see the Appeals section of thePolicy on Computer Disconnection from PennNet at http://www.upenn.edu/computing/policy/disconnect.html

X. References

IEEE standard 802.3 CSMA/CD Access Method

IEEE standard 802.1D MAC Bridges

The Policy on Computer Disconnection from PennNet