Visitor systems and employee's personal systems are placed on the external subnet which is outside the NCAR security perimeter. Before placing a visitor system or employee's personal system on the network, check with the Systems Management Group to ensure that the network connection is configured to be on the external subnet.
The main reason for placing visitor laptops on the external subnet is that some visitors find it easier to gain access to their home institutions if their system is not behind the NCAR security perimeter. It also protects our environment from viruses that may be on visitor systems.
This external subnet is using DHCP (Dynamic Host Configuration Protocol) to assign IP addresses to systems. The following instructions describe how to configure Windows 98 and Window 2000/XP systems for DHCP.
Note: You must be logged in as "administrator". Open the Control Panel, and double-click on the Network icon. A window similar to what is shown below will be displayed.
Highlight TCP/IP and click on Properties. On the next window, select Obtain an IP address automatically. Click on OK to close the windows. Restart your system.
Note: You must be logged in as "administrator". Open the Control Panel, and double-click on the Network & Dialup Connection icon (for Windows XP, select Network and Internet Connections, then Network Connections).
Double-click on the LAN connection that you wish to configure (for example: Local Area Connection) and the following window will be displayed.
Highlight Internet Protocol (TCP/IP) and click on the Properties button. When the following Window is displayed, select Obtain an IP address automatically and also select Obtain DNS server address automatically. Click on OK to Close.
Since visitor laptops are outside the NCAR security perimeter, they may be able to receive e-mail from their home institutions if the institution's security perimeter allows it. Usually laptop users are using a POP or IMAP e-mail client to read their e-mail. Unfortunately, there are so many different e-mail clients in use that a specific example of configuring an e-mail client cannot be described.
When configuring your e-mail client, it is important that the SMTP server be changed to be mdir.ucar.edu. If you need additional help configuring your e-mail client, please enter an assist request.
For more information on configuring e-mail programs, such as Netscape Messenger or Eudora, see Chapter 6 in the MMM Unix Computing Guide.
Since the visitor laptops are outside the security perimeter, special steps need to be taken to gain access to MMM systems. First, each visitor should have an MMM system in their office that they can use. By using the provided system, they will always have access to MMM systems .
To gain access to the MMM systems from a personal system, a gatekeeper account should be requested. A Secure Shell (SSH) client should be installed on the system. In MMM, we use an SSH client called PuTTY. For information on obtaining and using PuTTY, see Chapter 7.
Using FTP to transfer files between MMM and home institutions is difficult. FTP cannot be used to transfer files into MMM systems from outside the security perimeter. However, FTP files can be tranfered to a home institution from an MMM system. Then, using the laptop, FTP can be used to transfer files from the home institution to the laptop. For more information on FTP see Chapter 9 of the MMM Unix Computing Guide
Submit an assist request.