IT Staff FAQ

Yes, all network attached devices will automatically receive a dynamic private IP address from DHCP when they connect to the Unified Network. Dynamic addressing provides a quick and simple connection experience for the majority of devices. If you need a registered DNS & IP for remote access or firewall configuration, submit a Unified Network Registration Request. If you have questions or concerns about IP space on the UnifiedNetwork, please submit a Unified Network Support Request.

The Unified Network enhances security through dynamic policy-based management, distributing devices across five data risk levels and by isolating devices from one another using micro segmentation. Endpoints are dynamically placed into the appropriate level based on a combination of hardware type, security posture, and user role. Initially there will be no security posture requirements for general network access, only user role. Over the next year, additional security posture assessments will be implemented as services allow. Any change will be communicated with advance notice.

The Unified Network distributes devices across five data risk levels. The levels range from basic internet service to access for sensitive internal resources. Endpoints are dynamically placed into the appropriate level based on a combination of hardware type, security posture, and user role. Initially there will be no security posture requirements for general network access, only user role. Over the next year, additional security posture assessments will be implemented as services allow. Any change will be communicated with advance notice.

Wireless authentication will occur across three unique SSIDs.

• Guests and device onboarding will use the NU-Guest SSID

• Active University Identities will connect to the eduroam SSID

• IoT devices will connect to the NU-IoT SSID

Wired authentication will vary by device type.

• Private and personal desktops or laptops will be presented with a captive portal to connect to the network.

• Managed private-shared and shared desktops or laptops will automatically connect with a pre-loaded configuration.

• Computers sitting at the login screen, without a managed profile, will default to the Low Risk level to enable regular system updates and remote access.

• Select wired IoT devices such as game consoles will automatically connect to the Untrusted level for general internet access.

Dynamic policy-based management enables access to follow a user and their device across the Unified Network. The result is consistent access to resources on both wired and wireless connections, in any University location.

To prepare for the Unified Network, review the existing registered IP addresses for your area. You can request EIP read access for edge networks using the Edge EIP Read Access Request form. Verify that registered devices, such as servers, printers and scanners are accessed using a DNS name and not an IP. DNS entries will carry over into the Unified Network, but every IP address will change.

Enrolling University desktops, laptops, and mobile devices in Endpoint Management services will provide the option for deployment of managed network profiles in the future, which will simplify network onboarding.

If you have a server located in your campus building that is attached to the Edge network, please submit a Unified Network Support Request for instructions on next steps. Your server may need to be registered manually so that it can continue to operate in the Edge network, until it can be relocated into a University data center in the future. This process will include MAC registration and disabling of 802.1x authentication on a specific port to allow virtual MACs & services to operate. A new IP will be required as part of the transition.

By default, all devices receive a dynamic private IP. A Public address is needed when a resource must be accessed from off campus by users without access to the University VPN. Public IPs are available to support servers located in the Edge network. To request a registered public DNS & IP for a server, submit a Unified Network Registration Request and a Firewall Request.

ITS will be providing IT Support Staff with read access to ClearPass and Airwave to facilitate local connection troubleshooting when the Unified Network enters production. Additionally, training sessions and onboarding documentation will be made available soon.

Yes, IT support staff will be able to create an MPSK (Multiple Pre-Shared Key) to connect institutional IoT devices to the NU-IoT SSID.

OnGuard is a security posture health assessment tool for the Unified Network. OnGuard may be installed on personal devices or non-managed institutional devices to verify a device meets the minimum-security requirements for a specific data risk level. OnGuard only collects specific metadata from a device to measure current security posture. No user data or other tracking data is collected. Initially OnGuard will only be used by ITS for development and testing. As additional security posture assessments are implemented, OnGuard will be made available for use.

No, devices are dynamically placed into the appropriate vlan based on a combination of hardware type, security posture, and user role. If you believe a device is not in the proper vlan, please submit a Unified Network Support Request.