Guest Network Access Procedure

1.0 Purpose

The purpose of this Procedure is to define standards for connecting to and using Appalachian State University's data network by Guest Users. This Procedure is intended to provide limited network access to network users who do not qualify as a student, faculty or staff member at Appalachian State University.

2.0 Scope

This Procedure applies to anyone with an Appalachian State University-owned or personally owned computer or workstation used to connect to the Appalachian State University network.

3.0 Procedure

3.1 General

  1. VPN sessions are not allowed for Guest Users because of network security issues.
  2. TCP ports for Guest Users will be very limited and special ports will not be temporarily opened.
  3. Appalachian State University staff or faculty must sponsor Guest Users who wish to connect to any of Appalachian State University internal networks.
  4. Sponsors will provide Guest Users with the “uguest” account name and password. This username and password combination is used to register guest network devices for network access. College consultants and Technical Support members can provide the latest account name and password and directions of how to register a network device.
  5. Sponsors must inform the Guest User of the existence of Appalachian State University computer use policies and perform due diligence to see these policies are followed by the Guest User.
    1. Computer Use Policies (Policy on the Use of Computers and Data Communications) http://www.policy.appstate.edu

3.2 Requirements

  1. Guest registered devices or Guest Default Devices will be assigned “NAT” IP addresses via DHCP and will be considered Untrusted Users with limited access to Appalachian State University internal networks and the Internet.
  2. For temporary situations where the Guest User account cannot be used for network access for whatever reason. The sponsors Staff or Faculty Computer User Account can be used to register the device and then remove the device after the Guest User no longer requires access. In any case the sponsor is always responsible for the Guest User following University Computer and Network Use Policies.

4.0 Enforcement

Anyone found to have violated this Procedure may have their network access privileges temporarily or permanently revoked.

5.0 Definitions

Guest Default Devices
All devices not registered by faculty, staff, student or special University administered VLANs and that are attached to special network switch ports that default to the Uguest_VLAN.

Guest User
A network user with limited access. Usually a user device that is not registered by full-time staff, faculty or students at Appalachian State University.

Trusted Device
A device connected to the on campus network that has been registered for Network use by or for a staff or faculty member using their University Computer User Account. Or devices located in special ITS managed subnets.

Trusted User
Appalachian State University Staff, Faculty, or Third party contractors who have executed a Third Party Connection Agreement.

Trusted Network
All devices registered as default faculty and staff administered and other devices registered in special Trusted VLANs such as Special Purpose and University Administrative subnets.

Uguest_VLAN
Virtual Local Area Network for University Guest User network devices.

Untrusted Network
All devices that do not fit the Trusted Network definition, including but not limited to Internet devices.

Untrusted User
All devices and users that do not fit the Trusted User definition.

VPN
Virtual Private Network, a way to tunnel encrypted IP packets between VPN Concentrators and Clients.

VPN Concentrator
A device in which VPN connections are terminated.

VPN Client
Device, usually a single computer running client software.

6.0 Revision History


Advanced