Allow List (authored originally Feb 4, 2015)
Technology Services is moving schools to an Allow List model of access to our networks. This is due to an overwhelming number of devices that have used up all available IP addresses at sites. An IP address is like a parking spot on the network. If no spots are available you can’t get on. Currently we are using a Deny List in most sites that is like whack a mole knocking off devices weekly and sometime daily with much unintended blocking as we don’t always know which device is whose (towing cars after they’ve parked). The Allow List strategy moves us to proactive from reactive (like the new parking gates at the Northern Grand)
We want to make certain that the networks have sufficient space for our staff and district owned devices. To allow you a parking spot, we need to know details of your device, most importantly is your Wireless MAC address. If you were to get a new privately owned device, it will have a new MAC address that would need to be submitted.
What this means is that if you have not submitted the wireless MAC address for your privately owned device we may inadvertently block you or when we move your school to the Allow model, it will not be able to connect to the SD60 Trusted Network (wired, SD60-Staff, SD60-Student). You should not have to submit anything for district owned devices as we have that MAC address in our inventory system and it has already been added to the Allow list. We will have a technician on site the day of switching to an allow list to make certain things are working. You can help us greatly and limit any connectivity issues for yourself by submitting your MAC address before the change.
Phones/iPods represent a large group of possible spaces taken up. If they have their MAC addresses submitted we will determine if there is adequate space to be allowed depending on local availability.
SD60-Public (10.xx.xx.xx addressing, throttled internet only access – port 80&443)
In some schools we have set up a separate network that allows you to connect wirelessly with any device whether we know the MAC address or not. This is to enable student owned devices, staff owned, phones etc to get to the internet only. This is not in place in all schools but we are working to have it in place. This approach will add 64,000 addresses at each site it exists. It involves significant logical networking changes and takes time to build.
Current School IP Address Mitigation Strategy (updated Feb 18, 2015)
NPSS – Deny – tentatively moving to Allow after Spring Break
ELC – Deny – Move to Allow Feb 18
Bert Bowes – Deny
Dr. Kearney – Deny
Alwin Holland – Deny – Move to Allow Feb 25
Baldonnel – not needed as of yet
Bert Ambrose – Deny – move to Allow Feb 23
Buick Creek – not needed as of yet
CM Finch – Deny
Charlie Lake – Deny – Move to Allow Feb 23
Clearview – not needed as of yet
Duncan Cran – Deny – Move to Allow Feb 24
Ecole Central – Deny
Hudson’s Hope – ALLOW
Robert Ogilvie – Deny
Taylor – not needed as of yet
Upper Halfway – not needed as of yet
Upper Pine – Deny – move to Allow Feb 27
Wonowon – ALLOW
School Board Office – not needed as of yet
Grandhaven – not needed
Facilities – not needed
NBCDES – not needed as of yet
I’ve asked staff for dates in the next two weeks for planning where we will be implementing the Allow Lists at buildings above currently employing deny lists.
When the ALLOW will be implemented will depend on local needs (FSA, exams, report cards). We will have a technician on site for two days after the switch to make certain things are working. Five days notice will be given prior. You can submit your MAC address at any time through the link above.
Schools with Separate Public Network in Place (SD60-Public on wifi with 10.xx.xx.xx addresses)
We plan to add others in the future.
The Allow List and the Trusted Network Access strategy was first introduced in October 2013. There is a page in the Help Pages menu above or directly available at http://www.prn.bc.ca/ts/?page_id=2021