Network Architecture

These best practices deal with setup and implementation practices of network equipment in the University network architecture.  The architecture of the network should allow for the strategic placement of network devices to not only secure information assets, but to utilize equipment more efficiently and effectively.

Best Practice:  Use a single DHCP service for assigning IP numbers. 
Use DHCP if at all possible.  This practice allows for redefining DNS servers or other parameters without having to manually reconfigure each network device.  Only use static addresses when there is a requirement that needs to be met.  Do NOT enable other devices or services that can distribute IP numbers.

Best Practice:  Define and refer to devices by DNS name, not IP number.
This allows replacing a device's IP number without having to manually reconfigure each service or application accessing the device.  For example: Assume its-color.unl.edu is a printer on IP 129.93.1.1. It is being replaced with a new printer that has already been registered as IP 129.93.2.2. When the new printer has been set up and is ready to be placed in service, all that has to be done is move the its-color name to the new IP.  No reconfiguration is necessary at every client computer.

Best Practice:  Prohibit the installation and use of personally owned and managed switches, routers, or wireless access points.
This practice helps to keep the quality of service at optimum, while keeping network communication secure, and keeps network device software and hardware up-to-date. 

Best Practice: Utilize Virtual Local Area Networks (VLANs) to segment network traffic.
Segmenting network traffic allows for QoS and securing devices easier.  In some compliance efforts, utilizing a VLAN is necessary.

Best Practice:  Utilize security devices or services such as Virtual Private Network (VPN), Firewall, and Intrusion Prevention Systems (IPS).
VPN is utilized for securing remote access to university devices.
Firewall is utilized to only allow specific traffic or IPs to access protected assets.
IPS is utilized to block malicious traffic from entering into or leaving the university network.

Best Practice:  Document the network topology.
A network diagram of the devices utilized for network communications is necessary when introducing new network equipment or replacement existing equipment.  Keeping an up to date network topology diagram is a necessary component of network infrastructure management.  After a project or change has been implemented, the work is not complete until the documentation has been updated. 

Best Practice:  Utilize change management methodologies or workflow procedures in network modifications to insure consistent results.
Research all software updates before implementing.  Utilizing the same procedure for implementing new network devices or modification to existing devices will help keep outages from occurring, and keep uptime to an optimal performance.

Best Practice:  Make sure cables are in good condition before use.  Always clean fiber ends before plugging into devices or patch panels.
Cables used to connect network devices should not have frays or cuts.  This could lead to inconsistent traffic flow.  Fiber ends are very susceptible to any material to degrade a signal; even oil from human skin.


At UNL, there are several other institutional practices that are followed:

  • Data Port activations need a UNL ITS work order and cannot be completed until proper paper work is submitted
  • Telephone Moves need a UNL ITS work order and cannot be completed until proper paper work is submitted
  • End Users are not allowed to install switches/routers/wireless access points on the UNL network
  • Office remodels often require wire moves – please contact ITS for wire moves and do not attempt to re-terminate and move them yourself
  • The MAC address (wired and wireless) need to registered with UNL ITS
  • Departments outside of Networking should contact Networking early in a project in case they will need network access.  This will allow networking to ask the vendor questions and help implement what is needed.