DRAFT  **  DRAFT  **  DRAFT  **  30 Mar 2010  **  DRAFT  **  DRAFT

This policy addresses both the interference and security aspects of
user-installed Wi-Fi extensions to the campus networks and other
intentional radiators in the frequency bands shared with data
networking.

1.  Bluetooth (802.15.1-2002) and Zigbee (802.15.4-2003) are permitted 
    without exception.

2.  Except for Bluetooth and Zigbee, use of the ISM 2.5 and 5 GHz
    bands is reserved for Wi-Fi data networking in non-residential
    buildings.  Devices such as cordless phones, baby monitors, 
    and video extenders may not use these bands in non-residential 
    buildings.  There is no restriction of 900 MHz devices.

3.  Users may not install or use Wi-Fi access point radios that
    provide coverage in areas fully served by Cruznet.  An area is
    served if the Cruznet signal is -80 dBm or stronger. User APs
    that were installed in areas without coverage shall be
    removed from service when campus service is extended to
    their area.

4.  User APs are limited to a maximum transmit power of 15 dBm
    and to operation in the 2.5 GHz band.  Use of more than
    20 MHz to achieve high data rates is not permitted in University
    buildings.   APs must not use Super-G or bonded channel transmission 
    methods.  APs without adjustable power levels may not be used in 
    UCSC buildings if their transmit power is higher than 15 dBm.  These 
    rules are to limit interference.

5.  User APs shall be installed only in research and office areas
    not used by the general public.  They shall not provide
    coverage for classrooms and meeting rooms.  These APs must
    be restricted so that they cannot be used except by the
    tenants of the served spaces.  

6.  Since user APs serve a small set of clients, manual distribution 
    of a key is practical.  WPA2-PSK is acceptable, as are other forms
    of WPA2.  The PSKs must be changed once a year or more frequently.  

7.  APs that were manufactured before March 2006 may be too old to
    run WPA2.  These APs may not be used in non-residential buildings.

8.  User APs in non-residential buildings must register descriptive and 
    contact information.
    We will collect:
     1.  SSID (aka wi-fi network name)
     2.  Ethernet interface MAC address
     3.  Manufacturer and model of AP
     4.  Location (Building and room number)
     5.  List of rooms served
     6.  Contact name (a person)
     7.  Contact email address (may be a list)
     8.  Form of authentication

    Registered APs will be assigned distinguished names of the form
    uwap-.ucsc.edu through dhcp.  The contact email is the person
    or alias that will receive questions about abuse and security
    that track through the AP.  

9.  The over arching principal in residential buildings is that the
    room occupant is responsible for all traffic that enters the
    network through their wired port.  As such, users shall use
    cryptographic keys or other methods to ensure that only 
    room residents can use the wi-fi service.