NYURoam Design

ITS has designed the NYURoam wireless network for maximum security, flexibility, and efficiency. For those who are interested, NYURoam infrastructure and IP addressing information is included below.

Operational Restrictions

Several operational restrictions apply to the NYURoam network:

• NYURoam is an IP-only network. No other protocols (e.g., IPX, MacintoshTalk, LAT, NETBUI, etc.) are supported.
• No services are offered on the wireless network's backbone (e.g., mail servers, web servers, news servers, etc.).
• No direct, peer-to-peer connectivity between wireless clients is possible utilizing the wireless infrastructure.

Refer to the Wireless Policies for an outline of important rules and responsibilities.

Infrastructure and IP Addressing

NYURoam is a Direct Sequence Spread Spectrum (DSSS)-based radio network, in the unlicensed 2.4 GHz and 5 GHz frequency ranges, supporting the IEEE 802.11b/g and 802.11a standards.

NYURoam's wired transport is a fiber optic backbone infrastructure that runs in parallel to NYU-NET's infrastructure. Access Points (APs) are located at the network's extremities. These devices serve to "bridge" the radio LAN and wired LAN. They accept radio-based connections or "associations" from wireless clients and move data between those clients and wired network resources. The APs interface to the wired network using 100 Mbit/sec interfaces to Ethernet switches. These switches, utilizing multiple Virtual LANs (VLANs), pass data along via either 100 Mbit/sec or GigE (1000 Mbit/sec) interfaces, depending on the model of the switch, to a router. This router interfaces to NYU-NET's core network through a firewall, which performs two critical functions: it enforces access policies to and from the wireless subnets and performs Network Address Translation (NAT) for the entire service.

NAT is a method of connecting multiple computers to the Internet or any other IP network by using one (or more) public IP addresses. It is important to note that public IP addresses are a limited commodity. The use of private addresses in conjunction with NAT is the single best way to conserve public IP addresses. Our wireless service is based on private address space, and has the the capacity to support over 250,000 addresses, and 1,024 subnets.

NYURoam wireless clients use NAT and are therefore assigned private IP addresses (addresses not directly accessible from the Internet). These devices communicate with the Internet through a device that translates their private address into a public (Internet accessible) address, making two-way communications possible. Therefore, thousands of privately addressed systems can interface with the Internet through one Class C (256 IP addresses) group of public address space, which only minimally diminishes our public IP address pool. A PIX firewall handles this processor-intensive operation.

NYURoam does not require you to register the hardware address of your wireless NIC. Any properly configured NIC and wireless client will be issued an IP address via DHCP once you have authenticated with your valid NYU NetID and password.

Page last reviewed: April 14, 2008