Overview
The Guest Wireless Service is intended to provide wireless network accessibility to university guests. This new wireless network, (SSID: tufts-guest) does not require advanced registration. The network is provided for visitors and short-term guests (e.g. conference attendees, visiting lecturers, non-student, residents). The Tufts guest network has limited access to the Internet and our internal resources with more stringent bandwidth and lease duration settings than wireless for registered devices.
Limited Access
The Tufts guest wireless network is separated from the rest of the Tufts network with private addressing space (i.e. 130.64 is not in-use). This service will provide general network connectivity (web browsing, web email, vpn, etc.) similar to commercial hotspots.
How to Connect
It is easy to connect to the Tufts guest wireless network, as it is intended to be a public service to visitors on our respective campuses. A wireless device should see the wireless network SSID: tufts-guest and be able to connect instantly.
Technical Service Description
- This new SSID (tufts-guest) will be "open" to wireless clients like other public wifi hotspots and registration will not be required.
- There will be no restrictions for wifi protocol, as it will offer 802.11a/b/g/n (n where available) to Guest wireless users.
- This service is intended to allow "open" client guest access, and as such there will no tie in to the TUNIS/Host Registration System to the Guest Wireless infrastructure. The wireless controllers will be directly providing IP address assignment through DHCP, and these addresses will be inaccessible in the Proteus and Host Registration systems.
- Users wishing to access secure university assets, should continue to use the Tufts full wireless service via SSID "tuftswireless".
- Since the wireless controller will be performing NAT between the client and the rest of the network including the Internet, no inbound services will be available to guest users.
- Each device will have its bandwidth limited to 5Mbps download and 1Mbps upload.
- Only a subset of IP Ports and Protocols will be allowed out the wireless controller to the rest of Tufts and the Internet (see chart).
Network Ports Allowed On Guest Wireless Service (SSID: tufts-guest)
Protocol |
Port |
Description |
|---|---|---|
tcp |
21 |
FTP—control (command) |
tcp |
22 |
Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding |
tcp |
53 |
Domain Name System (DNS) |
udp |
53 |
Domain Name System (DNS) |
tcp |
80 |
Hypertext Transfer Protocol (HTTP) |
tcp |
88 |
Kerberos—authentication system |
udp |
88 |
Kerberos—authentication system |
udp |
123 |
Network Time Protocol (NTP)—used for time synchronization |
tcp |
143 |
Internet Message Access Protocol (IMAP)—management of email messages |
tcp |
389 |
Lightweight Directory Access Protocol (LDAP) |
tcp |
406 |
Interactive Mail Support Protocol |
tcp |
443 |
HTTPS (Hypertext Transfer Protocol over SSL/TLS) |
tcp |
444 |
SNPP, Simple Network Paging Protocol (RFC 1568) |
tcp |
446 |
DDM-RDB |
tcp |
447 |
DDM-RFM |
tcp |
465 |
URL Rendesvous Directory for SSM (Cisco protocol) |
udp |
500 |
Internet Security Association and Key Management Protocol (ISAKMP) |
tcp |
587 |
e-mail message submission (SMTP) |
tcp |
636 |
Lightweight Directory Access Protocol over TLS/SSL (LDAPS) |
tcp |
993 |
Internet Message Access Protocol over SSL (IMAPS) |
tcp |
995 |
Post Office Protocol 3 over TLS/SSL (POP3S) |
tcp |
1494 |
Citrix XenApp Independent Computing Architecture (ICA) thin client protocol |
tcp |
1723 |
Microsoft Point-to-Point Tunneling Protocol (PPTP) |
tcp |
1863 |
MSNP (Microsoft Notification Protocol), used by the .NET Messenger Service and a number of Instant Messaging clients – MSN Instant Messanger |
tcp |
3389 |
Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT) |
tcp |
3653 |
Tunnel Setup Protocol |
udp |
3653 |
Tunnel Setup Protocol |
tcp |
5000 |
VTun—VPN Software |
tcp |
5050 |
Yahoo! Messenger |
tcp |
5190 |
ICQ and AOL Instant Messenger |
tcp |
5222 |
Extensible Messaging and Presence Protocol (XMPP) client connection --Google Talk (Jabber) |
tcp |
5223 |
Extensible Messaging and Presence Protocol (XMPP) client connection over SSL |
tcp |
5900 |
Virtual Network Computing (VNC) remote desktop protocol (used by Apple Remote Desktop and others) |
tcp |
8444 |
FireScope Management Interface. |
tcp |
10000 |
NDMP, Network Data Management Protocol. |
ah protocol |
|
Authentication Header |
esp protocol |
|
Encapsulating Security Payloads |
gre protocol |
|
Generic Routing Encapsulation |