Cornell Network Extension (CNE)

Cornell Network Extension is a service that offers remote Cornell University internal network access to offsite locations. CIT provides a networking device that creates a split tunnel VPN back to campus, to give users the experience that they are connected to the network like they are physically on campus. CNE does not support access control lists or firewall policies.

The CNE networking device connects as below:

• Port 0/0 – WAN - Internet connection (Customer provided)
• Port 0/1 – DMZ – Direct Internet access (Non-Cornell traffic only)
• Ports 0/2 through 0/5 – LAN – Customer equipment (Access to Cornell network)

Current sample diagram:

Customers are allowed to connect any networking equipment they would like to the CNE device, such as wireless access points, switches, printers, etc.

Cornell Network Extension Plus (CNE+)

Cornell Network Extension Plus is a service that offers the full networking experience managed by CIT. This includes the networking device mentioned previously in the CNE above, plus networking switches and access points, out of band (OOB) management, and an uninterruptible power supply (UPS). The number of switches and wireless access points depends on the customer's capacity and coverage needs. CNE+ does not support access control lists or firewall policies.

Current sample diagram:

Customers would have all their devices connected to the switch.

Any changes in configuration would be made by CIT Networking. Please email network-backline@cornell.edu for these requests.

Responsibility/Requirements

CNE

• CIT Networking
  • Provides and supports the CNE device
• Customer
  • Provides and supports the internet (ISP) connection (DHCP IP preferred)
  • Provides and supports the physical installation of the CNE device, and the cabling/infrastructure required for connectivity
  • Provides and supports any equipment/device downstream of the CNE device
  • Provides physical onsite support to assist CIT Networking to troubleshoot networking issues
  • Provides netadmin support to allocated CNE subnet 
  • Pickup, ship/deliver, and deploy the CNE device to the install location

CNE+

• CIT Networking
  • Provides and supports the CNE device, switches, wireless access points, UPS, and out of band management device.
• Customer
  • Provides and supports the internet (ISP) connection (DHCP IP preferred)
  • Provides floor plans with wifi coverage required marked on the floor plan
  • Provides and supports the physical installation of any networking devices including the CNE device, and the cabling/infrastructure required for connectivity
  • Provides and supports end user devices downstream of the switch
  • Provides physical onsite support to assist CIT Networking to troubleshoot networking issues
  • Provides netadmin support to allocated CNE+ subnet(s)
  • Pickup, ship/deliver, and deploy the CNE device to the install location

Security

Besides the VPN tunnel the CNE device provides to transport traffic between the remote site and campus, we do not offer any security services such as ACL, policy, traffic capture, or forensics. For further information about traffic/security concerns at a remote site, you should contact ITSO.

Costs

CNE

• $1000 upfront
•  $25 monthly

CNE+

• Upfront depends on remote site equipment/need
• $100 monthly

Order a CNE/CNE+ setup

Click here to request a CNE/CNE+ setup

Only IT professionals can order this service for department-owned or leased office space.