Traffic Filters on the Campus Network

Traffic on the campus network is filtered at selected points to block certain traffic:

• Traffic Filters at the University's Internet Border describes the filters in place at the OIT-managed borders between the campus network and the Internet. These filters affect traffic as it crosses in either direction between the Internet and campus. They do not affect traffic that remains within the campus network.

• OIT Filters Most IPv4 Broadcast and Multicast Traffic on Wireless Networks describes filters on the wireless networks operated by OIT.

• OIT Filters mDNS (Multicast Domain Name Service) on Ethernet Networks describes filters on mDNS traffic. We filter the traffic as it tries to pass through the core of the campus network. We also filter the traffic as it tries to enter any of the wireless services provided by OIT. These filters affect traffic within the campus network.

• OIT Filters IPv6 on Wireless Networks describes a filter on IPv6 traffic on the wireless networks operated by OIT.

• OIT Filters AppleTalk on Wireless Networks describes a filter on the wireless networks operated by OIT. AppleTalk is an obsolete protocol.

• At each IP router operated by OIT, we filter traffic arriving at each of the router's network interfaces. We block incoming traffic coming from IPv4 source addresses other than that which are appropriate for the IP subnet to which that router interface is attached. This filter affects traffic as it tries to leave a subnet, for example.

• Some departments or individuals install firewalls and place some of their devices behind these firewalls. These firewalls filter selected traffic. As such firewalls are governed by individual departments, OIT cannot document the filters they implement, or which parts of the portions of the campus network behind these firewalls. Such policies are governed by the departments or individuals responsible for these firewalls.

• At wireless access points operated by OIT, we attempt to filter the disruptive DHCP and BootP traffic sent by those wireless clients acting as rogue DHCP servers, rogue BootP servers, or rogue BootP Relay Agents. Only the disruptive DHCP and BootP traffic is filtered; the same wireless client's normal DHCP, BootP, and other traffic is not filtered.