CSCO has it's own identity management system. To request an account have your group-leader or gsi contact person send an email to acctech at gsi.de with the following information
- first name, last name
- GSI organizational unit (csco, lobi, ...)
- email address (@gsi)
- campus account name
- short reason, why the account is required
It helps if a similar account is known (e.g account of a person that works in the same organizational unit).
The csco account is used for all services, including git, wiki, linux shell, etc.
Physical network access and the gsi campus is provided by different departments. Network outlets supported by CSCO are labeled with "Managed by ACC division". The following policy's are valid for outlets supported by CSCO. Other departments have similiar policy's.
- One device per outlet. No Switches.
- Devices must send traffic without external stimulation.
- Devices should use dhcp. This satisfies the previous point
- On Link loss a device must again send traffic without external stimulation
- Device registration is mandatory for any network
A Device connected to an outlet run through the following steps
- link negotiation (10/100/1000, duplex, etc)
- request ip address via dhcp
- switch port authentication ieee 802.1x.
- port authentication configures vlan. Unregistered devices won't get network access.
Outlets marked with colored dots have special configurations and are not for general use. Red dots mark outlets with hard configured mac adresses. Blue dots mark switch uplinks, do not disconnect uplinks, restarting them requires manual intervention from cscoin.
Devices for the general campus network must be registered with the user helpdesk. See http://www.gsi.de/it-service
Devices that should connect to the accelerator network must not
be registered with the campus it. For these devices the following information is required
- mac address
- responsible person and department
- device name
- pxe boot parameters if required