Building a Network in a Dorm with Network Restrictions Part II

5

1

This is a follow up to an older post I had this weekend.

I recently bought a new Cisco E2000 wireless router and installed DD-WRT on it so that I could set up a Mac/PC Network within my dorm room.

Unfortunately, I am living in a dorm with a ridiculously stringent network policy so I am not allowed to set up any kind of personal network in my room. I thought that I could get away with this since a router should only broadcast a single MAC address, but they have apparently closed this loophole by redirecting first-time network users to a website where they can register their MAC address.

Given this, I cannot currently connect to the internet through a wired or wireless connection on my router. I'm wondering if anyone out there has any ideas on things to try out?

Things that I tried:

  • MAC address cloning on DD-WRT: I gave it a shot, but it didn't appear to work. There were not a lot of options, so I did not play with it for long.

Possible ways to solve the issue:

  • I'm no network expert, but I think that I would essentially need to find a way to register the MAC address through their website, though since it's an automatic redirect and I do not know the address, it'll be hard to do - unless I can somehow get a browser inside of the DD-WRT web-interface?

  • I could also ask the residential computing assistants to register the device, but this may prove to be difficult seeing how they could technically find out that the device is a router by looking up the manufacturer from the MAC Address. In this case, is there a way to actually change the MAC address of a device?

Berk U.

Posted 2011-03-07T16:50:15.917

Reputation: 291

1 With a network policy like that, I'd opt for a 3G card from a mobile provider, Verizon, Clear, etc. – Nate – 2011-03-07T16:52:44.947

Cisco makes wireless network adapters. Just because a MAC lookup says "cisco", it doesn't prove anything. – Joel Coehoorn – 2011-03-07T17:49:01.997

1 The network policy is likely to stop rogue WiFi access points, your "limitation" of one wired MAC seems like it'd be more likely due to the availability of ports in the room. It should also be noted that universities are under stringent review for P2P usage, I'd find it very surprising if the network admins hadn't already throttled the bandwidth for P2P apps. – edusysadmin – 2011-03-07T19:30:22.773

I would say there should be an option to switch the MAC address on the router. But if you do this, you will have to change the address on the box which then has the same one. Otherwise you will have problems. Thus switch the MAC, disconnect the old box, and use the second box for testing. If it works out, buy a new network card. Or change the MAC of the box by software. – Darokthar – 2011-03-07T19:40:07.453

Answers

4

As the network administrator at a small college, I find the "no private network at all" requirement a little odd. I can tell you that we have lots of very good reasons for not wanting you to run your own wireless network. Please, just don't do this. As the consumer equipment on the market these days tends to almost always include a wireless radio, that may be a big part of it, but I generally have no problems with students who want to connect multiple devices via the single wired network port in their room, as long as they take care in how it's set up.

Given your needs, their network requirements, and what I suspect they are trying to accomplish with these rules, I would look to solve this in one of three ways:

  • Set up your Cisco router as a dumb hub rather than a switch or router, and turn off or disable the wireless radio in the device. Now you must register the MAC address for each additional device separately. This is preferred, but given the strict rules they may only allow the first device per wired port in your room.
  • Use Network Address Translation (NAT). Most routers have this on by default. If you're using NAT, their system should only ever see your router's MAC address. If everything is set up correctly, registering a MAC from your PC would give them the router's MAC and should satisfy the requirement, such that all devices appear to be using that MAC (no spoofing required).

    You still need to disable the wireless radio. The downside to this approach is that bandwidth management systems will see all your devices as one. Treated this way, the multiple devices are likely to get scored higher for bandwidth management purposes and ultimately your connection will be throttled as a result - you'll get lower speeds than others nearby.

  • Build a private wired network, with no access to the internet. You can use this for things like your synergy app. Then, use the wireless connection on each device for internet access. You'll likely have to play around with routing tables for this to work, so that the default gateway on your wireless adapter takes precedence over the wired (it's normally the other way around).

Some additional key points:

  • They will be able to know and stop you if you don't disable the wireless radio. Modern enterprise access points can detect and neutralize the rogue transmitters. End of story.
  • One reason for this kind of requirement is that it is very easy to mis-configure your device to put a rogue DHCP server on your campus network, and that can cause big problems for everyone. That's one reason to prefer the hub approach vs the NAT approach - there's no DHCP server running on your equipment, as you still rely on the school for this service.
  • From your other question, I see you'd like to use bittorrent. Depending on the school, that may or may not be okay. Either way, there are some things you should know before even trying this on a campus network.

    • By default, bittorrent clients are configured to create a lot of simultaneous connections to talk to a lot of peers (often many times per peer) and suck down as much bandwidth as they can get. When you go to a college, this can cause big problems, and it's just not a good way to behave with regards to sharing resources with your fellow students. Just a few people running bittorrent clients configured this way can cause problems for your internet gateway, which in addition to bandwidth may have a fixed cap for the number of concurrent connections it can process at a time. You should edit your client's settings if you can so that you only use a few connections at a time — you'll want something that seems really low, like just 20 or 50.
    • Colleges are now under a lot of pressure to curb p2p file sharing, including bittorrent, with the most recent item being a new law that took effect this past summer that now requires all schools that want to allow students to accept federal financial aid to use technical means to limit this activity. It's highly likely that running a bittorrent client will cause your entire connection to be throttled, such that everything else you want to do is slower as well.
    • Try to keep it to legal torrents. Really.

Joel Coehoorn

Posted 2011-03-07T16:50:15.917

Reputation: 26 787

No Wireless wouldn't help an iPad or other WiFi only devices... Not sure what the OPs goal is, but I know I use WiFi for lots of non-wired devices. – Nate – 2011-03-07T17:58:10.740

1 @Nate - Those devices should use the wifi provided by the college. Any network manager worth his salt will be running rogue access point detection, with counter-measures, and there are lots of reasons for them to do this. Running his own wireless network is just a bad idea, and it just won't work. – Joel Coehoorn – 2011-03-07T18:01:26.817
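The rogue DHCP server risk raised in the answer above can be checked for from the network operator's side. The following Python code is an added example, not part of the original answer or of any tool it mentions: it parses DHCP server replies (OFFER/ACK) and counts replies from any server identifier outside an allow-list. The function names, the addresses 10.0.0.1 and 192.168.1.1, and the sample packets are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 message types that only a server sends

def parse_dhcp(payload):
    """Return (msg_type, server_id, client_mac) from a DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    client_mac = payload[28:28 + min(payload[2], 16)].hex(":")  # chaddr, hlen bytes
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                   # truncated option header
            break
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:          # DHCP message type
            msg_type = value[0]
        elif code == 54 and len(value) == 4:        # server identifier
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, server_id, client_mac

def find_rogue_servers(payloads, authorized):
    """Map each unauthorized server identifier to the number of OFFER/ACKs it sent."""
    rogue = {}
    for p in payloads:
        parsed = parse_dhcp(p)
        if parsed and parsed[0] in (OFFER, ACK) and parsed[1] not in authorized:
            key = parsed[1] or "unknown"            # reply without option 54
            rogue[key] = rogue.get(key, 0) + 1
    return rogue

def build_reply(msg_type, server_ip, client_mac):
    """Constructed sample data: a minimal server reply carrying options 53 and 54."""
    hdr = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(24)   # op/htype/hlen/hops, xid..giaddr
    hdr += bytes.fromhex(client_mac) + bytes(10)         # chaddr padded to 16 bytes
    hdr += bytes(192)                                    # sname + file, unused here
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return hdr + MAGIC + opts

# Constructed capture: the campus server is 10.0.0.1; 192.168.1.1 is a misconfigured router.
SAMPLE = [build_reply(OFFER, "10.0.0.1", "020000000001"),
          build_reply(OFFER, "192.168.1.1", "020000000001"),
          build_reply(ACK, "192.168.1.1", "020000000002")]

if __name__ == "__main__":
    print(find_rogue_servers(SAMPLE, {"10.0.0.1"}))
```

On a real network the payloads would come from a capture of UDP port 67/68 traffic rather than from `build_reply`.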

1

Some routers have MAC address spoofing built in, where they will use the MAC address of your PC on the Internet-connected network port rather than their own MAC address. See, for example, this Netgear help page.

Mike Scott

Posted 2011-03-07T16:50:15.917

Reputation: 4 220

0

Here's how you set up your router on the ResComp network (coming from someone living in Unit 3):

  1. Disconnect your router from any network, but leave it powered on. Connect your computer to your router via ethernet.

  2. Configure a secure wireless network using WPA2 Personal as your encryption type. This type of secure network is ok where I live, you might be further restricted for unknown reasons.

  3. Find out your router's WAN port MAC address by going to DD-WRT's Status tab then clicking Sys-Info and looking for "WAN MAC." Copy this address to your clipboard.

  4. Connect your computer via ethernet to the network and go to http://rescomp.berkeley.edu. Log into Helpdesk with your CalNet ID.

  5. In Helpdesk, click "Add a new device." Paste your MAC address into the 'Ethernet Address' text field. For device type, select 'Router,' and for operating system, select '*nix/BSD.'

  6. Disconnect your computer from the ethernet network, and connect your router.

  7. Wait for the network to rejigger its business (about 15 minutes to half an hour).

  8. INTERNET!

Here are some notes:

  • Student-run wireless networks are a-ok in Unit 3 as long as they are secured.

  • BitTorrent of copyrighted media is STRICTLY PROHIBITED at UC Berkeley and will result in fees of around $5,000 if the school receives a notice. Do not use BitTorrent for this purpose unless you are using an effective, secure tunneling solution to a remote point (i.e., a VPN or SSH tunnel to a computer at home). As far as bandwidth goes, the network is strong enough that the admins don't care about legitimate BitTorrent use.

    If you want to share files without burning bandwidth or paying huge fines, check out Dtella at Berkeley.

  • All devices connected to your router will share your bandwidth limit. If your roommate(s) use your network, you're all splitting that same bandwidth.

Just Jake

Posted 2011-03-07T16:50:15.917

Reputation: 688