Overview
The Guest Wireless Service is intended to provide wireless network accessibility to university guests. This new wireless network, (SSID: tufts-guest) does not require advanced registration. The network is provided for visitors and short-term guests (e.g. conference attendees, visiting lecturers, non-student, residents). The Tufts guest network has limited access to the Internet and our internal resources with more stringent bandwidth and lease duration settings than wireless for registered devices.
Limited Access
The Tufts guest wireless network is separated from the rest of the Tufts network with private addressing space (i.e. 130.64 is not in-use). This service will provide general network connectivity (web browsing, web email, vpn, etc.) similar to commercial hotspots.
How to Connect
It is easy to connect to the Tufts guest wireless network, as it is intended to be a public service to visitors on our respective campuses. A wireless device should see the wireless network SSID: tufts-guest and be able to connect instantly.
Technical Service Description
- This new SSID (tufts-guest) will be "open" to wireless clients like other public wifi hotspots and registration will not be required.
- There will be no restrictions for wifi protocol, as it will offer 802.11a/b/g/n (n where available) to Guest wireless users.
- This service is intended to allow "open" client guest access, and as such there will no tie in to the TUNIS/Host Registration System to the Guest Wireless infrastructure. The wireless controllers will be directly providing IP address assignment through DHCP, and these addresses will be inaccessible in the Proteus and Host Registration systems.
- Users wishing to access secure university assets, should continue to use the Tufts full wireless service via SSID "tuftswireless".
- Since the wireless controller will be performing NAT between the client and the rest of the network including the Internet, no inbound services will be available to guest users.
- Each device will have its bandwidth limited to 5Mbps download and 1Mbps upload.
- Only a subset of IP Ports and Protocols will be allowed out the wireless controller to the rest of Tufts and the Internet (see chart).
Network Ports Allowed On Guest Wireless Service (SSID: tufts-guest)
...
Protocol
...
Port
...
Description
...
tcp
...
21
...
FTP—control (command)
...
tcp
...
22
...
Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding
...
tcp
...
53
...
Domain Name System (DNS)
...
udp
...
53
...
Domain Name System (DNS)
...
tcp
...
80
...
Hypertext Transfer Protocol (HTTP)
...
tcp
...
88
...
Kerberos—authentication system
...
udp
...
88
...
Kerberos—authentication system
...
udp
...
123
...
Network Time Protocol (NTP)—used for time synchronization
...
tcp
...
143
...
Internet Message Access Protocol (IMAP)—management of email messages
...
tcp
...
389
...
Lightweight Directory Access Protocol (LDAP)
...
tcp
...
406
...
Interactive Mail Support Protocol
...
tcp
...
443
...
HTTPS (Hypertext Transfer Protocol over SSL/TLS)
...
tcp
...
444
...
SNPP, Simple Network Paging Protocol (RFC 1568)
...
tcp
...
446
...
DDM-RDB
...
tcp
...
447
...
DDM-RFM
...
tcp
...
465
...
URL Rendesvous Directory for SSM (Cisco protocol)
...
udp
...
500
...
Internet Security Association and Key Management Protocol (ISAKMP)
...
tcp
...
587
...
e-mail message submission (SMTP)
...
tcp
...
636
...
Lightweight Directory Access Protocol over TLS/SSL (LDAPS)
...
tcp
...
993
...
Internet Message Access Protocol over SSL (IMAPS)
...
tcp
...
995
...
Post Office Protocol 3 over TLS/SSL (POP3S)
...
tcp
...
1494
...
Citrix XenApp Independent Computing Architecture (ICA) thin client protocol
...
tcp
...
1723
...
Microsoft Point-to-Point Tunneling Protocol (PPTP)
...
tcp
...
1863
...
MSNP (Microsoft Notification Protocol), used by the .NET Messenger Service and a number of Instant Messaging clients – MSN Instant Messanger
...
tcp
...
3389
...
Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT)
...
tcp
...
3653
...
Tunnel Setup Protocol
...
udp
...
3653
...
Tunnel Setup Protocol
...
tcp
...
5000
...
VTun—VPN Software
...
tcp
...
5050
...
Yahoo! Messenger
...
tcp
...
5190
...
ICQ and AOL Instant Messenger
...
tcp
...
5222
...
Extensible Messaging and Presence Protocol (XMPP) client connection --Google Talk (Jabber)
...
tcp
...
5223
...
Extensible Messaging and Presence Protocol (XMPP) client connection over SSL
...
tcp
...
5900
...
Virtual Network Computing (VNC) remote desktop protocol (used by Apple Remote Desktop and others)
...
tcp
...
8444
...
FireScope Management Interface.
...
tcp
...
10000
...
NDMP, Network Data Management Protocol.
...
ah protocol
...
...
Authentication Header
...
esp protocol
...
...
Encapsulating Security Payloads
...
gre protocol
...
...
Tufts Secure Wireless
(Network & Wi-Fi/Wireless Access)
Available To
Faculty, Students, Staff and Affiliates on all 3 Campuses: Boston, Grafton and Medford
Quick Access
Enable secure wireless on a computer, phone, or tablet by selecting tufts-secure from the list of available wireless networks, and then entering your Tufts username and Tufts password.
Benefits & Features
Tufts Secure Wireless provides a secure and encrypted path for data to pass which mitigates risk of identity theft and/or data loss. It is available for all devices that support a secure wireless connection to access the internet, including mobile devices, laptops, and desktop computers. All data transferred over tufts-secure wireless is encrypted and data is secured behind a firewall.
Requirements
Tufts-secure is open to members of the Tufts community who have a valid Tufts username and Tufts password.
Getting Started
Connect to tufts-secure:
- While on campus, select “tufts-secure” from the list of available networks.
- Sign in with your Tufts username and Tufts password.
How-to Help
Will add how to info for several different mobile devices
Need help?
- TechConnect
- uitcs@tufts.edu
- it@tufts.edu
- 617-627- 3376
Related Links
Guest Wireless https://it.tufts.edu/guestwireless
Tufts Wireless https://it.tufts.edu/wireless