skip to content

IT Help and Support

University Information Services
 

How the UniOfCam-Guest wireless service is implemented at the University of Cambridge

Intended use 

The UniOfCam-Guest SSID is intended for short term guests, visitors to the university and members of the public. It is not intended for those who are current members of the university or an affiliated institution (who have a valid CRSid).

It will broadcast on all University Wireless Service (UWS) access points and available to museum visitors, visiting academics (without the use of eduroam from their home institution), college conference guests, members of the public and others. IT staff should still recommend their staff and students connect to eduroam where possible. 

Authentication/authorisation 

Users select the UniOfCam-Guest SSID which will redirect them to a "captive-portal" web page and access an encrypted web page (via HTTPS on port 443). At that point the user will select their preferred social media platform to authorise their credentials, using protocol OAuth2.0. The client is then authenticated using ClearPass, the Wireless Service Network Access Server (NAS).  

The social media platforms which are currently available are: Facebook, Twitter, LinkedIn, Amazon and Github. Development applications have been created on each social platform in order to authorise each users account. 

If the only access is made through HTTPS or other protocols (such as SSH, IMAP or FTP) then no web page can be presented and the user will be unaware their traffic is blocked. However, most modern operating systems test connectivity to the internet via HTTP upon connection to the wireless network and prompt for authentication details, if it fails. 

Port blocks

The University Wireless Service UniOfCam-Guest blocks some ports to/from hosts on the network.

Outbound to ISP / the internet

Outbound traffic is permitted by default.  Only a small number of ports are blocked:

Protocol

Port number(s)

TCP

25 (SMTP), 

135-139 (MS RPC), 

445 (SMB)

UDP

135-139 (MS RCP), 

445 (SMB)

Inbound from outside the UDN (University network)

Traffic to the client is all blocked (although the firewall is stateful, so allows responses to connections originated by the client).

Limitations and restrictions 

The UniOfCam-Guest SSID has limitations imposed on it by using bandwidth contracts implemented on the wireless systems.

This will restrict the upload speed to 15Mbps and a download speed to 25Mbps. This has been designed to limit the user to basic internet usage with limited capabilities when consuming large amounts of bandwidth. The restrictions will also help manage the amount of data that will be processed in order to not saturate or overwhelm the link in place. 

We will review the use of the service periodically to assess whether the download and upload restrictions are appropriate. 
 
In addition, users will be limited to two devices at this time. 

Third Party Internet Service Provider (ISP) 

In order to comply with the Janet AUP, guest traffic is sent via a Third Party ISP. The link speed will be 1Gb/s with redundant connections operating in an active-standby configuration. This traffic will be logically separate to the UDN,  

IP ranges 

Clients will receive IPv4 addresses from one of the University's IP ranges, that undergo network address translation (NAT) onto third party addresses. DHCP is provided by a dedicated firewall for this service. IPv6 is not currently supported.  

Multicast is not currently enabled. 

Security: filtering and data compliance 

This service uses some content filtering to protect minors. Users must also comply with the ISP Acceptable Use Policy (AUP) when using this service.  

A privacy policy has also been created in order to protect the rights and data of the user.

The ISP Acceptable Use Policy and the privacy policy are also available on the captive portal for the users to view before they connect.  

Each social platform also provides its own terms and conditions.  

 

UIS Service Desk

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

Change to Raven login screen from Tuesday 14 February

26 January 2023

New login screen for current University members The login screen for Raven-protected websites and applications will change from Tuesday 14 February for current members of the University. It will become the same screen most of you are already familiar with from logging in to your University Microsoft account to access, for...

Changes to Microsoft Stream video sharing from Tues 07 Feb

26 January 2023

26 January 2023 What’s happening UIS is disabling uploads to Microsoft Stream (Classic), the old version of the video sharing app, on Tuesday 07 February. The new version is called Stream (on SharePoint). Teams meeting recordings are already being automatically saved to Stream (on SharePoint). More information: Stream (on...

Institutional File Storage (IFS) service release new features to Self-Service Gateway

18 January 2023

18 January 2023 Several new features are now live on the Self-Service Gateway run by the Institutional File Storage (IFS) service. IFS is a service for institutions to store and share everyday documents with colleagues. IFS Data Owners and Data Managers can use the Self-Service Gateway  portal to buy and administer storage...