Skip to main content
more options

How to Use Network Registry for Visitors

Note: This information is for netadmins who need to set up visitor registrations on their subnets. If you are visiting Cornell and want to register your computer, go to the Getting Connected: Visitors guide.

If you have a visitor to Cornell who needs to use their own computer on a Cornell University network, the computer needs to be registered as required by the Network Registry policy. Registration is similar to that of Cornell computers, but visitors who do not have a Cornell NetID may identify themselves by their e-mail address.

Departments have several options for allowing visitors' computers to access their networks.

  1. Not allow visitors' computers on the network at all.
  2. Require visitors' computers to be pre-registered by the departmental network administrator.
  3. Allow visitors who have registered elsewhere on campus (for example, at another department or a public port).
  4. Allow visitors to register themselves, as long as they know the department's passcode (which you can supply to expected visitors).
  5. Allow visitors to register themselves freely.

Given the range of options, the network administrator should consult with others in the department as appropriate about what best suits local needs, and then make sure that faculty and staff who interact with visitors are informed of the chosen approach.

Registrations made through self-registry are valid for a maximum of 21 days during each semester. (The registration records at reset on January 1 and July 1.) Registrations made by the netadmin are not subject to those limits.

Note: For visitors who need more than 21 days, the registration can be extended by:

  • Talking to the sponsoring department host about obtaining a Sponsored NetID
  • Having the network administrator extend the registration, subject to departmental rules.

If the visitor is using RedRover, the registration can be extended by obtaining a Sponsored NetID. The HelpDesk may also be able to provide an emergency 5-day extension. Contact the HelpDesk at (607) 255-8990.

Host Registrations for Visitors

A host registration may have an e-mail address listed as the owner. There are three restrictions:

  1. There must be visitor information on file about the e-mail address (see below).
  2. A visitor's e-mail address may not be a cornell.edu e-mail address.
  3. The host registration must have an expiration date set.

Note: Visitor usage that is subject to NUBB charges is charged to the subnet default account.

Configure Subnets for Visitor Registration

Netadmins can choose to keep visitor registration for their subnets in their own hands, or to allow visitor self-registration, which enables visitors to come and go with no Netadmin intervention. In all cases, netadmins receive the normal notification of host registrations and changes. See the procedures below:

Configure a Subnet for Visitor Self-Registration

  1. Connect to the DNSDB subnet page.
  2. Visitor Pool Access set to YES.
    In conjunction with a dynamic pool, this means that any computer with with a regular or visitor registration will have access, even if the initial registration was on another subnet.
  3. Decide if you want to use a passcode:
    • To allow anyone to self-register as a visitor, leave Visitor Registration Passcode blank.
    • To regulate who can self-register as a visitor, in the Visitor Registration Passcode box, set a passcode. You will also need to distribute the passcode appropriately.
    • To allow visitors, but not allow registration on the subnet, in the Visitor Registration Passcode box, set a passcode. Do not distribute the passcode.

Typical scenario for self-registration:

  1. Visitor gets on network, is prompted with Cornell Network Registration.
  2. Visitor fills out form. Information about the visitor and their computer is filed, and the network is reconfigured.
  3. Visitor reboots, gets on network (no longer prompted for Cornell Network Registration).
  4. Visitor can immediately use the network, even before confirmation is completed.
  5. Visitor receives confirmation notice with URL by e-mail.
  6. Visitor uses URL to confirm their registration. (Unconfirmed registrations are deleted overnight,)
  7. At this point, the visitor can use their computer for the time they specified when they registered, up to 21 days per semester.
  8. The registration expires.

Configure a Subnet for Visitor Registration by Netadmin Only

Note: NetAdmins can register computers for visitors. Registrations entered by netadmins are not subject to the 21-day limit set for self-registrations.

A local netadmin always registers guests directly in DNSDB, and does not want any other guests on the department's network(s).

  1. Check that the record for the visitor exists in the visitor.cgi list.
  2. Connect to the DNSDB subnet page.
  3. Visitor Pool Access set to NO.
    May still have a dynamic pool that accepts regular CU registrations.
  4. Connect to the DNSDB host page.
  5. Add the visitor registration.

Tools for Visitor Registration

  • visitor.cgi: create/edit an entry, or search for one by e-mail.
  • visitors.cgi: list all visitors.
  • confirmations.cgi: list all outstanding confirmation "offers" to visitors. With this page, a NetAdmin can confirm the visitor's information, with identical results to the visitor's own confirmation, i.e., up to three weeks use of their computer.

About Visitor registry

A registry of visitor e-mail addresses is kept, including all e-mail addresses used as primary users of computers. The following information is stored in the registry:

  • Name
  • E-mail address
  • Cornell department or unit visited
  • Length of visit
  • Purpose of visit
  • Date of data entry
  • Source of data (netid, etc.)

Note: After the expiration or removal of a host registered to the visitor, this information is retained for one year. Netadmins do not need to constantly register returning visitors in order to re-register their computers.

Any netadmin across campus can update a visitor's information. This means netadmins can maintain data for visitors who are using the facilities of multiple departments. Visitor information is not overwritten. A log of changes is kept along with information about which netadmin made each change.

Subnet Options that Control Visitor Access

A subnet controlled by CIT DHCP has the following options, displayed and set on the DNSDB subnet page.

  1. Visitor Pool Access: no | yes
    Allow/disallow visitor access to the subnet.
    For example, if the subnet has a dynamic pool that allows 'known' addresses, and Visitor Pool Access is set to 'allow,' then a computer registered to a visitor (i.e., the primary user is indicated by an e-mail address) can use the pool. If set to 'disallow', such a user will be treated as 'unknown.'
  2. Visitor Reg Passcode: passcode
    Setting a passcode means a visitor cannot self-register without it, allowing departments to select who they allow to register. (This field is only visible to the NOC.)
    If visitors are allowed, and the subnet has a registration pool, then visitors can register, under the control of the subnet's passcode. If no passcode is set, registering visitors are not prompted for a passcode and anyone can register as a visitor.