Connection Regulations for the NUZ

NUZ: Network University of Zurich

All IT systems connected to the University of Zurich’s network must meet certain technical and security requirements. These guidelines apply to all devices with a network connection – wired or wireless – for example:

• Personal computers, notebooks, servers
• Tablets, smartphones
• IP phones, Wi-Fi access points
• Webcams, control and monitoring systems
• Sensors, actuators, controllers, access control systems, large-scale equipment

• For new installations, Category 6A patch cables must be used.
• Cables and connectors must be properly assembled and undamaged.
• Cables must not be bent or crushed.

Recommended standard connections:

• IP phone → UCC outlet (wall)
• Computer → free port on the IP phone
• Additional devices (e.g. printers) → dedicated UCC outlet

Notes:

• The use of mini-switches is no longer recommended, as they may hinder the implementation of Network Access Control (NAC).

• Where available, use free UCC connections or Ethernet ports on IP phones.

• If no connections are available, request additional UCC outlets via

  • Portfolio and Asset Management (submit a user request).

The NUZ is based on the Ethernet standard (IEEE 802.3).
Connected devices must support standards-compliant Ethernet.

Ethernet (wired):

• Supported variants: 1000BASE-T, 100BASE-T, 10BASE-T
• Selection is automatic (autosensing)

Wi-Fi (wireless):

• Currently used standards: at least 802.11g, mostly 802.11n, and 802.11ac for new installations
• For new purchases with a longer service life, support for 802.11ac is recommended

Certain devices receive power directly via the network cable, for example:

• IP phones
• Wi-Fi access points
• Webcams
• Devices used in building technology

Rules:

• PoE is permitted only for devices operated by Central IT (ZI) or within the scope of building technology.
• Misconfigured PoE devices can cause operational disruptions.
• In exceptional cases, Central IT may grant special approval.
• Only connect devices that correctly support the LLDP-MED protocol so that the device type and power consumption are visible on the switch and power management functions properly.

Further information:

• PoE at UZH

The NUZ is based on Internet Protocol (IP). The underlying protocols are IP (Internet Protocol), TCP and UDP.

Requirements:

• Systems must support IPv4 addressing both manually and automatically (DHCP).
• For manual configuration, the following parameters must be configurable:
  • IP address
  • Subnet mask
  • Address of the default router
  • Addresses of at least two name servers
  • Default domain
  • Optional: NTP server (time server)

Future-proofing:

IPv6 is not yet supported at UZH. However, its introduction is expected in the long term – new systems should therefore be IPv6-compatible.

All devices connected to the NUZ must comply with UZH’s security regulations.

Ethernet:

• Wired access is currently unauthenticated.

Wi-Fi:

• The Wi-Fi client must support the WPA2-Enterprise (IEEE 802.1x) mechanism.
• Permitted authentication protocols: EAPoL, PEAP, MSCHAPv2.
• Login is via your personal UZH username and password.

Important: Systems that violate these regulations or cause network problems may be disabled at any time without prior notice.

If you have any questions, please contact the

• «IT and Construction Coordination» Unit,
  IT Infrastructure Department, Central IT.
  Email: itundbau@zi.uzh.ch