The visitor network is an “open”, non-authenticated, unencrypted wireless network, connected to the Internet (via ESnet) and logically external to the Lab’s lbl.gov network perimeter DMZ. From the perspective of the Lab’s internal lbl.gov network, devices connected to the visitor wireless network are treated as if they were on a commercial ISP or any other external location (i.e., outside the Lab perimeter).
The employee network on the internal lbl.gov internet domain offers a secure, encrypted connection to the local network of the building where the access point is located. Traffic on the employee network is treated as any other traffic on the lbl.gov domain.
Using Visitor (lbnl.us) Wireless
Network Services & Protocols Supported and Not Supported
The wireless network allows only limited types of traffic between wireless and other networks, effectively restricting the applications that can be used. However, most commonly used personal computer applications are supported, and the restrictions primarily limit inappropriate behavior.
Supported and unsupported services are summarized below.
Internet to Wireless
Inbound TCP connections from the Internet to lbnl.us are generally not allowed. Accordingly, applications intended to serve Internet clients, such as web servers, cannot be operated on the wireless network.
Visitor Wireless to Berkeley Lab address space
Visitor Wireless is largely treated the same as the Internet with regard to connections to Berkeley Lab address space. For more details on ports/protocols, including those which are permitted from Visitor Wireless but not from the Internet, see the Perimeter Protection document.
Wireless to Internet traffic
There are currently no static restrictions on traffic from wireless to the Internet at large (except to lbl.gov as above).
However, note that all such traffic is fully monitored for unacceptable use and subject to both automated and manual reactive measures, such as blocking individual hosts at the wireless perimeter.
IP Addressing on Wireless
All end-user IP addresses on the Wireless network are provided via DHCP. Static wireless addresses will not be assigned to users.
LBNL-Employee Wireless for iOS
- Go to software.lbl.gov on your iOS device.
- Log in with your LDAP information.
- Search for “Wireless Networking”.
- Download the software and enter information requested on each screen.
- Your connection profile will be added to the “Profiles” of your System Preferences.
Client Computer Configuration
- Bridging must be turned off or disabled.
- Do not set the Network Type to ‘Ad hoc.’
- Mac laptops – Do not use the computer-to-computer network setting.
Using: System Preferences > Network > AirPort > Network Name. Do not use the “Create Network” option. If you have enabled this option, you may disable it by using the “Join Other Network” option or by turning off AirPort.