Some customers choose to attach a private Ethernet repeater, bridge, or switch to the campus network. Typically customers attach such a device directly to OIT Ethernet Service.
Most often, customers do so to obtain additional Ethernet ports in a location where OIT Ethernet Service is available, but the customer has more devices (e.g. computers, printers, etc.) than the available number of OIT Ethernet ports. Sometimes the customer takes this approach (instead of requesting that OIT install/activate additional OIT Ethernet ports) to avoid paying for additional OIT Ethernet ports. Other times the customer takes this approach because the location is one in which OIT will not install additional OIT Ethernet ports. Less often, a customer attaches one of these devices to the campus network to connect an entire private Ethernet network to OIT Ethernet Service.
Although we do not encourage it, customers are permitted to attach their own Ethernet repeaters, bridges, or switches to OIT Ethernet service. In locations where it is possible to have additional OIT Ethernet ports installed/activated, we always recommend that the customer do that rather than attach their own Ethernet repeater, bridge, or switch.
Ethernet repeaters, bridges, and switches should not be confused with Network Address Translators ("NATs", a.k.a. "NAT Routers"), which are entirely different. When the installation/activation of additional OIT Ethernet ports is not an option, and a customer is choosing between installing a NAT or an Ethernet repeater, bridge, or switch, use of an Ethernet repeater, bridge, or switch is always preferrable over a NAT. NATs are far more likely to create problems for the campus network and for the customer; see Connecting a Private Network Address Translator to the Campus Network.
The purpose of this document is not to describe what an Ethernet repeater, bridge, or switch does, or to provide detailed documentation for configuring one. (We assume that the customer who chooses to operate a private Ethernet repeater, bridge, or switch understands what the device does, and has documentation from the device's vendor.) Instead, this document is intended to describe just the issues specific to connecting a private Ethernet repeater, bridge, or switch to Princeton University's campus network.
Although this document discusses private Ethernet repeaters, bridges, and switches, it should not be construed as a statement of OIT support for these devices.
In locations where it is possible to have additional OIT Ethernet ports installed/activated, we always recommend that the customer do that rather than attach their own Ethernet repeater, bridge, or switch.
Our experience is that customers who choose to connect these devices instead of having additional OIT Ethernet ports installed/activated often have not taken into account the disadvantages of this approach. And often, customers do not realize that they must register most of these devices in the Host Database.
OIT does not support private Ethernet repeaters, bridges, and switches; you are responsible for operating your private Ethernet repeater, bridge, or switch in a way that does not interfere with the operation of OIT's network service. If you cannot configure it to operate in such a way, you will have to disconnect it.
If you choose to attach a repeater, bridge, or switch to OIT Ethernet Service, keep in mind:
For example, if the device is one that would have to be registered in the Princeton University Host Database (or subscribed to Dormnet) were it attached directly to OIT Ethernet Service, then it still must be registered/subscribed even though it is attached to your repeater, bridge, or switch. If the device would be subject to the Tigernet Host Charge were it attached directly to OIT Ethernet Service, it is still subject to the Tigernet Host Charge even though it is attached to your repeater, bridge, or switch.
For example, if you attach each of your three PCs to their own OIT Ethernet ports, and each port provides 10 Mbps service, each PC has a dedicated 10 Mbps connection to the OIT Ethernet switch. If you instead attach your PCs to your own Ethernet switch, then attach your switch to a single OIT Ethernet port providing 10 Mbps service, your three PCs are now sharing a single 10 Mbps connection to the OIT Ethernet switch. Even if your private Ethernet switch provides higher-speed (e.g. 100 Mbps) connections to the individual PCs (so they can talk amongst themselves at high speed), they all still must share the single uplink to OIT Ethernet Service.
If you've decided to use an Ethernet repeater, bridge, or switch to share a single OIT Ethernet port among multiple clients, then when one of those clients is the source of a problem, all of those clients would lose network service if OIT disables the OIT Ethernet port.
Departments considering the use of private Ethernet repeaters, bridges, or switches as a cost-savings approach (to avoid paying for an OIT Ethernet port for each client) should consider this issue carefully. You may find that you save a few dollars in the short-term, but that savings is easily offset by the additional network disruption you experience when a problem with one of the clients results in the loss of network service to all the clients sharing that private Ethernet repeater, bridge, or switch. Had each client been attached to its own OIT Ethenet port, it would have been possible for OIT to disable service to just the disruptive client.
Your Ethernet switch will have one port connected to OIT Ethernet Service. Never connect more than one port on your Ethernet switch to OIT Ethernet Service. That would create a loop.
Your Ethernet switch will probably have one or more ports connected to your computers, printers, etc. Don't mistakenly connect two of the ports on your Ethernet switch together. That would create a loop.
Some customers choose to attach to OIT Ethernet Service a private Wireless Access Point that acts as a bridge. See Connecting a Private Wireless Access Point to the Campus Network.
If your Ethernet bridge, switch, or repeater transmits any Ethernet frames onto the campus network using its own Ethernet address (i.e. the device generates Ethernet frames with its own Ethernet source address), you must register the device in the Host Database.
Simply registering a device in the Host Database as a repeater, bridge or switch doesn't cause the device to operate that way. How the device actually behaves depends on the device itself. When you register the device in the Host Database, you are telling OIT how the device will behave.
It is your responsibility to ensure that the device is properly registered given the way it behaves. If you choose to replace the device, you are responsible for changing its registration appropriately.
If based on the information above, you must register your Ethernet repeater, bridge, or switch in the Host Database, follow these instructions:
(The Host Database uses the ENTRY-TYPE of BRIDGE to denote a bridge that connects media of different types; e.g. Ethernet to Wireless. It uses the ENTRY-TYPE of "HUB" to denote all other Ethernet bridges, repeaters, and switches.)
As a rule of thumb, if the device needs to be registered in the Host Database in the first place, it probably also speaks IP (e.g. to allow configuration of the device from another computer).
The device may have multiple Ethernet addresses (e.g. one for each Ethernet port). When registering the device, specify the Ethernet address of the port attached to OIT Ethernet Service; i.e. the Ethernet address that the device will use when transmitting frames of its own to the campus network.
Some Ethernet switches will transmit Ethernet frames to the campus network from more than one Ethernet address. In particular, sometimes they will transmit IP traffic from one Ethernet address that is global to the switch (associated with managing the switch), and transmit Spanning Tree Protocol (STP) BPDU's from an Ethernet address associated with the specific Ethernet port attached to OIT Ethernet Service. In this situation, register the Ethernet address used for IP as the device's first Ethernet address, specify that it should be assigned an IP address; register the other Ethernet address(es) as additional Ethernet addreses (not assigned any IP address).
We do not normally record locations of devices in dormitory rooms or apartments, as requiring customers to update these location fields as they relocate yearly is burdensome, particularly for repeaters, bridges, and switches (as the Host Database entry will be locked).
If the device is not located in a dorm room or apartment, specify accurate BUILDING and ROOM fields.
If you are not a student or the device does belong to a University department, then specify an accurate DEPARTMENT-NUMBER field.
If you are not a student or the device does belong to a University department, specify an accurate University account number for the ACCOUNT-NUMBER field.
Assuming you follow the rest of the instructions in this document, there will be no Tigernet Host Charge for the repeater, bridge, or switch.
When you register the device in the Host Database with an ENTRY-TYPE of HUB, and specify that it should be assigned an IP address, OIT may choose to assign to it an IP address that is blocked from reaching the Internet. As there should be no need for a repeater, bridge, or switch to communicate with the Internet, this does not reduce the device's functionality, and has no effect on the ability of devices behind the device to reach the Internet. To prevent the device from reaching the Internet via OIT VPN Service, it may also be blocked from communicating with OIT VPN Service.
This practice helps discourage mis-registering a host or Network Address Translator with the ENTRY-TYPE of HUB to avoid paying the Tigernet Host Charge typically assessed other devices such as hosts or NATs. (If the device actually is a host or a NAT and you mis-register it with an ENTRY-TYPE of HUB, this inability to reach the Internet will limit its functionality.)
When you register the device in the Host Database with an ENTRY-TYPE of HUB, OIT will generally "lock" the Host Database entry. This ensures the entry's IP address (if any) or ENTRY-TYPE (or in fact any field in the entry) cannot be changed without OIT's intervention. If after registering a device with the ENTRY-TYPE of HUB, you later decide it should be something else, but find its Host Database entry is locked, send email to hostmaster@princeton.edu describing the change to the Host Database entry you wish to make.
If you have questions or need assistance with any of the procedures in this document, please contact the OIT Help Desk.