UCSC Wi-Fi Standards
DRAFT DRAFT DRAFT
UNIVERSITY OF CALIFORNIA SANTA CRUZ
These standards provide implementation information in support of the UCSC Wi-Fi Policy (draft). They address security and interference aspects of user-installed wireless (Wi-Fi) access points to the campus networks and other radio wave producing devices in the frequency bands shared with campus wireless data networking. User-installed Wi-Fi access points that do not meet the following standards are subject to removal or being blocked from the campus network.
- User-installed Wi-Fi access points (APs) must be configured to use cryptographic keys or other access control methods to ensure that only authorized users can connect to the Wi-Fi service. Since user-installed APs serve a small set of users, manual distribution of a key is practical.
- Access points must be certified by the Wi-Fi Alliance and meet current Wi-Fi Alliance standards.
- Wi-Fi Protected Access version 2 (WPA2) is the current Wi-Fi Alliance standard. APs made after March 2006 are required to have WPA2 features. APs without WPA2 may not be used in academic/administrative buildings.
- In the event that these standards and the Wi-Fi Alliance standards do not agree, the Wi-Fi Alliance standards take precedence.
- If used, shared keys must be changed at least once a year.
- In residential buildings, the room resident is responsible for all traffic that enters the network through their wired port. As stated above, room residents shall use cryptographic keys or other access control methods to ensure that only they can use the Wi-Fi service.
- These are intended to be minimum security requirements for user-installed APs. They do not address security requirements, laws or regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), that apply to the transmission of sensitive data.
- Network Operations may request that any application that uses more than 50 percent of a shared radio channel on a consistent basis be moved to a wired connection.
- Bluetooth and Zigbee are permitted without exception.
- Except for Bluetooth and Zigbee, use of the ISM 2.4 and 5 GHz bands is reserved for Wi-Fi data networking in non-residential buildings. Devices such as cordless phones, baby monitors, and video extenders may not use these bands in non-residential buildings.
- Users may not install or use Wi-Fi APs that provide coverage in areas served by Campus Wi-Fi. An area is served if the Campus Wi-Fi signal is -75 dBm  or stronger. User-installed APs in areas without Campus Wi-Fi coverage shall be removed from service when campus service is extended to those area. Campus Wi-Fi Coverage Map
- User-installed APs are limited to a maximum transmit power of 15 dBm and to operation in the 2.4 GHz band. Use of more than 20 MHz to achieve high data rates is not permitted in University buildings. APs must not use Super-G or bonded channel transmission methods. APs without adjustable power levels may not be used in UCSC buildings if their transmit power is higher than 15 dBm.
- In classrooms or meeting rooms not served by Campus Wi-Fi, user-installed APs may be temporarily used where consistent with the Wi-Fi Policy (draft) and above standards.
- Wi-Fi Policy (draft)
- Acceptable Use Policy
- Minimum Network Connectivity Requirements Policy
- Procedures for Blocking Network Access
: This signal strength will provide an 802.11g download speed of 10 Mb/s in a TCP test when there is no contention for the Wi-Fi channel. Make five 10-second tests and take the highest download rate as the Campus Wi-Fi supported speed at the sampled location.
DRAFT DRAFT DRAFT