DRAFT ** DRAFT ** DRAFT ** 30 Mar 2010 ** DRAFT ** DRAFT
This policy addresses both the interference and security aspects of
user-installed Wi-Fi extensions to the campus networks and other
intentional radiators in the frequency bands shared with data
networking.
1. Bluetooth (802.15.1-2002) and Zigbee (802.15.4-2003) are permitted
without exception.
2. Except for Bluetooth and Zigbee, use of the ISM 2.5 and 5 GHz
bands is reserved for Wi-Fi data networking in non-residential
buildings. Devices such as cordless phones, baby monitors,
and video extenders may not use these bands in non-residential
buildings. There is no restriction on 900 MHz devices.
3. Users may not install or use Wi-Fi access point radios that
provide coverage in areas fully served by Cruznet. An area is
served if the Cruznet signal is -80 dBm or stronger. User APs
that were installed in areas without coverage shall be
removed from service when campus service is extended to
their area.
4. User APs are limited to a maximum transmit power of 15 dBm
and to operation in the 2.5 GHz band. Use of more than
20 MHz to achieve high data rates is not permitted in University
buildings. APs must not use Super-G or bonded channel transmission
methods. APs without adjustable power levels may not be used in
UCSC buildings if their transmit power is higher than 15 dBm. These
rules are to limit interference.
5. User APs shall be installed only in research and office areas
not used by the general public. They shall not provide
coverage for classrooms and meeting rooms. These APs must
be restricted so that they cannot be used except by the
tenants of the served spaces.
6. Since user APs serve a small set of clients, manual distribution
of a key is practical. WPA2-PSK is acceptable, as are other forms
of WPA2. The PSKs must be changed once a year or more frequently.
7. APs that were manufactured before March 2006 may be too old to
run WPA2. These APs may not be used in non-residential buildings.
8. User APs in non-residential buildings must register descriptive and
contact information.
We will collect:
   1. SSID (aka Wi-Fi network name)
   2. Ethernet interface MAC address
   3. Manufacturer and model of AP
   4. Location (building and room number)
   5. List of rooms served
   6. Contact name (a person)
   7. Contact email address (may be a list)
   8. Form of authentication
Registered APs will be assigned distinguished names of the form
uwap-.ucsc.edu through DHCP. The contact email address is for the
person or alias that will receive questions about abuse and security
that trace back to the AP.
9. The overarching principle in residential buildings is that the
room occupant is responsible for all traffic that enters the
network through their wired port. As such, users shall use
cryptographic keys or other methods to ensure that only
room residents can use the Wi-Fi service.