School Network Issues

By junk53
I teach an IT class where students make their own Cat5e cables and connect hand-me-down school computers to the network, reformat Windows, and do various activities with them. One day, I went to set up another PC and plugged everything in (including the network cable) and started to install Windows. Apparently, that caused issues with the school's network so much so that they called in a contractor to help solve the issue; his solution - make a general announcement for anyone who connected something to the network to unplug it. When I did, the network was supposedly fine again. I took the same PC and cable home and hooked it to my router and everything worked fine. A couple of weeks later, I set up another PC in the room, hooked it to the network, and everything worked fine (even had the school's technician check it out just in case). The next day after school, another general announcement was made. Just in case, I unplugged the new PC again but no one told me if that helped or not. Each time I used a different port but in the same box. Could it be that the two ports are bad? If so, is there a way I can test it so I know for sure that the problem is there? Can a PC showing no symptoms cause the network to "crash"? The last time we had the issue caused some people to get very upset and I do not want to be the scapegoat b/c of one incident - any information you can give would be greatly appreciated. Thanks in advance. Mike


by Churdoo In reply to School Network Issues

There are too many things that can take down a network: Bad switchport(s), Virus, bad NIC, just for starters.

That is why when we have clients that have departments or classrooms doing what you're doing, we suggest that the room be on a separate VLAN, or at least the switch that the students have access to. With students plugging equipment that they've made into a production network, the school is just asking for trouble. If they're on a separate VLAN, they would only crash their own VLAN and production otherwise continues normally.

The first time, when you unplugged the computer and everything returned to normal, do you know that someone else somewhere didn't unplug or power down something else at the same time? If I were the consultant brought in, I'd spend more time isolating the problem myself rather than just making a general announcement. If from the main switch, he shut down or unplugged the switchport that goes to your room and the network returned to normal (you didn't say what the symptoms were), then he knows the problem is coming from your room. Otherwise, no one knows for sure; it may not have been your computer that caused it in the first place.


how to check

by junk53 In reply to VLAN

Thanks for the quick reply. Is there a way I can find out myself if the problem is coming from my room before I go accusing the network guys of doing a sloppy job? Would really like to know what happened that first time around especially since the PC is working fine on my home network.

They are going to set up the room with a VLAN but not until after the summer probably, I would like to avoid any problems until then. In other words, I could have my students use this opportunity as a learning experience and test out each of their own classroom PCs on the network - that next time something happens I can tell them I tested out everything on my end and that they should look elsewhere.


Not heard of an instance that a school lab was actually connected

by CG IT In reply to School Network Issues

to the school's network.

Any administrator should have isolated the school's network from a lab where students work on computers.

If not the admin ought to be severely reprimanded. Major security risk.

Only time I've heard of plugging a computer into a network caused the network to fail is when said computer causes a broadcast storm. Not something one sees these days. STP usually can take care of broadcast storms.

Added: broadcast storms are when a computer sends out a bad broadcast or multi-cast packet that causes all the other computers to respond with the wrong information. Because all other computers respond to the multicast message incorrectly the original computer then resends the bad packet thus a continuous loop of broadcast or multi-cast packets that eventually cause complete connectivity loss on the network.

So, some admin who didn't apply port security on switches, didn't configure STP, and didn't isolate a student lab from the school's main network,

.... ought to be stripped naked, dragged through the streets with a sign Brain Dead Screw Up tied to toe....

Port security should have taken care of the problem where a host that plugs in to a port and not authorized to plug into the port would have caused the port to disable itself thus not allowing unauthorized hosts from gaining network connectivity.
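
The thread asks how to tell whether one machine is flooding the segment. As an added example (not part of the original thread), this Python script reads the text output of `tcpdump -e -tt -n` and reports any source MAC whose broadcast/multicast frame rate exceeds a threshold in any one-second window. The capture lines, MAC addresses and the threshold of 100 frames per second are constructed sample values, not data from the school's network.

```python
import re
from collections import Counter

# Start of a `tcpdump -e -tt -n` line: epoch time, source MAC, destination MAC.
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE_RE = re.compile(rf"^(?P<ts>\d+\.\d+) (?P<src>{MAC}) > (?P<dst>{MAC}),")

def is_flooded(dst):
    """True for broadcast and multicast MACs (group bit of the first octet set)."""
    return int(dst[:2], 16) & 1 == 1

def storm_suspects(lines, threshold):
    """Return {src_mac: peak frames/sec} for sources whose broadcast/multicast
    rate in any one-second window exceeds `threshold` (an assumed tuning value)."""
    per_window = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip().lower())
        if not m or not is_flooded(m["dst"]):
            continue  # unparsable line or ordinary unicast frame
        per_window[(m["src"], int(float(m["ts"])))] += 1
    peaks = {}
    for (src, _second), count in per_window.items():
        peaks[src] = max(peaks.get(src, 0), count)
    return {src: n for src, n in peaks.items() if n > threshold}

def build_sample():
    """Constructed capture: one quiet host and one host flooding ARP broadcasts."""
    quiet, noisy = "00:11:22:33:44:55", "02:00:00:00:00:99"
    arp = ("ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: "
           "Request who-has 10.0.0.1 tell 10.0.0.9, length 46")
    lines = [f"1000.{i:06d} {quiet} > {arp}" for i in range(2)]
    lines.append(f"1000.500000 {quiet} > 00:11:22:33:44:66, "
                 "ethertype IPv4 (0x0800), length 74: 10.0.0.5.50000 > 10.0.0.6.80: tcp 0")
    lines += [f"1000.{i * 1000:06d} {noisy} > {arp}" for i in range(200)]
    lines += [f"1001.{i * 1000:06d} {noisy} > {arp}" for i in range(150)]
    return lines

if __name__ == "__main__":
    for mac, rate in storm_suspects(build_sample(), threshold=100).items():
        print(f"{mac} peaked at {rate} broadcast/multicast frames per second")
```

A few ARP or DHCP broadcasts per second from a host is normal; a single source sustaining hundreds per second is what to bring to the network team.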


re: not heard...

by junk53 In reply to Not heard of an instance ...

In defense of the IT department, they didn't know of what I was doing with students until last semester when a student installed some gaming server software that caught the attention of their security guy (opened up too many ports on that PC). After that, they talked about setting up a VLAN but didn't stop what I was doing come this semester.

What I'm hoping to do is to say to my admin without doubt that my actions are not causing issues with the network (although I'm going to discontinue use of it since I'm now the scapegoat whenever something goes wrong). Plus I want to be able to tell my students what happened and how it can be managed since this is an IT class and this can be a great learning opportunity after all.


All goes back to network security

by CG IT In reply to re: not heard...

Any unauthorized host that connects to a switchport should have been denied connectivity to the network and the switch port disabled. Once the switchport is disabled, an administrator would have to log on to the switch to reenable it. That would have been their first clue. If a second switchport also became disabled, that should have been the second clue someone's trying to break in.

Second would be how a lab of any kind could have been introduced on to the school network without the IT department knowing about it. Serious breach in policies and procedures not to mention network security. If it was me, and an instructor or student just took it upon themselves to try and connect to the school network without authorization, I'd have banned you from doing anything that dealt with computers and students. If the practice continued, then it's time to have the police enter into it.

A US Supreme Court ruling requires schools to archive all data on a school network.

Here's an excerpt from a Billingham WA article: Feb 2007

The school district, like all public schools nationwide, is required by an April U.S. Supreme Court ruling to track all electronic information produced by students and employees, including e-mails and AOL instant messages, that occur on school computers, said Ahrens.

The district, according to the ruling, would need to set up a system that would save and sort all data, a system they currently do not have. The archiving system would have to track e-mails, instant messages, documents, spreadsheets and all other electronic information, said Ahrens.

Most school district networks have been locked down very tight so they don't have students and employees creating information, sending emails or insta-messages because they have to then collect and archive them.

So, as you can see, I can't imagine the IT department being lax in regards to network security.


So is there any way?

by junk53 In reply to All goes back to network ...

From what I'm hearing, there is no legal way I can connect student computers to the internet through the school unless they are somehow set up to be monitored? Even if they are set up just for educational use?

Also, do you have a link to the reference you used - didn't find anything about the ruling after a quick search.



nothing says you can't use school's internet resources

by CG IT In reply to So is there any way?

Only that if employees or students generate data which includes emails or IM using school's resources such as computers or networks, the school must collect and archive the data.

What can't be done is have a computer lab that is not monitored and data generated by students and employees not collected and archived. Can be a really daunting and costly task which is why most schools lock down their networks and labs often don't allow emails or IMs.

The data retention laws fall under the Federal Rules for Civil Procedure for electronic data discovery in litigation. The US Supreme Court upheld the requirements for Schools to collect and archive such data.

Here's the complete article I referenced.


Final Line

by junk53 In reply to nothing says you can't us ...

Ok, so the slide presentations the students are making on their work computers have to be archived under federal law? I have five computers set up sans-network used for programming micro controllers - those programs have to be archived too? I understand where this is going - but our school has its own email server and neither I nor the school in general allow any instant messaging - that should cover it right?

Right now I've disconnected all PCs off the network that weren't originally there and told my boss that they are not going back on until a VLAN or something else gets put up. Also, what about using the internet? If a virus gets on one of the computers on the VLAN, couldn't it get the school's server blacklisted? Is it worth the hassle to have an IT class hooked to a network?


When I was in school

by Dumphrey In reply to Final Line

we had 4 labs on the network. Each lab was in its own vlan, and forced through a transparent proxy (one per lab), that filtered traffic so ONLY port 80 was allowed. Each official machine had deepfreeze installed on XP, so changes and data were stored on 5GB student shares, managed by the department head. Also, every official station had monitoring software to allow the instructors to view the students' screens (actually can be a powerful teaching aid, as each student can demonstrate over a single projector for an entire class, with the teacher managing whose box is being projected when.).
We were considered to be getting off lightly by many. There are always circumventions, but you have to do your best to give network students least amount of privilege. And, setting up a stand alone network is just as much practice when all that is lacking is a simple gateway. All reasonable precautions should be taken.


yep the law doesn't specify types of data

by CG IT In reply to Final Line

just that data created or generated by students or employees on school owned computer equipment must be archived.

VLANs are logical subnets of a network in which only hosts in the same VLAN can communicate with each other [except when inter-VLAN routing is enabled]. A school lab computer infected with a virus would not be able to infect other hosts on other subnets as the lab is isolated from the main network.

Is it worth the hassle to have an IT class hooked to a network? Sure, if you're teaching IT.

It's just not smart to have a school lab hooked up directly to the school's network [meaning the computers school employees use to do their jobs].

So a good school IT admin will have separated out the school's lab computers into their own network [router/firewall] thus keeping computers students use and inherently screw up, by virtue of being kids, separate from the school's network. Access to the internet might be through the school's perimeter router/firewall Internet connection but that doesn't mean computers are on the school's network.

BTW if you teach IT, you ought to know this stuff.
