Diocese of Harrisburg

Page | 7

Diocese of Harrisburg

Wide Area Network

Handbook

Table of Contents

Acceptable Use for Students 24

Social Media Policy 297

Caring for the 2900 Series Cisco Router 3

Connectivity Content Troubleshooting 6

Connectivity Issues with Router and Other Issues 34

Configuring External DNS Entries 7

Configuring Public IP Addresses 6

Diocese of Harrisburg Remote Email Users 7

Diocese of Harrisburg Intranet 87

Glossary for Web Tools 360

Help Desk (Diocesan) 78

Internet Safety Rules for Minors 2831

Listserv Rules and Etiquette 9

Lightspeed Web Filtering 132

New Members joining the Diocesan WAN Consortium (Non WAN Members) 10

New Members joining the Diocesan WAN 10
Members desiring to withdraw from the Diocesan WAN 11

Network Monitor – PRTG Traffic Grapher 15

Purchasing Procedure 12

Troubleshooting (Connectivity and Content) 63

Before 8:00 am and after 5:00 pm 6

Use of Discovery Education Streaming 25

Use of Spam Filtering 226

Use of Study Island 24

Troubleshooting Study Island 25

Use of Video Conferencing Unit 1715

Video Conferencing Directory 178
Quick Guide for Video Conferencing Unit 187

Use of Video Conferencing Unit During Off Hours 232

Use of Web Conferencing/Web camera capabilities 242

Technical Information

Care of the Cisco 2900 Series Router

The specs for the Cisco 2921 router can be found at: http:www.hbgdioces.org/WAN.

There are two Ethernet cables coming out of the 2921 router, one in interface GigabitEthernet 0/0 (should be an orange cable) and one in GigabitEthernet 0/1 (should be a blue cable). The GigabitEthernet 0/0 interface is for the WAN connection (typically Comcast, but is PennTeleData for several sites and is a cable modem connection for the VPN sites). The GigabitEthernet 0/1 interface is connected to your local internal network.

There is also a power cable that goes out of the router and goes to the UPS. The UPS should be connected to your dedicated electrical circuit. If there is a connectivity problem with your router, see the Connectivity and Content Troubleshooting below.

Connectivity and Content Troubleshooting

Trouble accessing an application or the Internet could be caused by several circumstances. These circumstances can be either connectivity of the actual network, connectivity to the server that is running the application or other issues that prevent the application from running on the network.

Connectivity Troubleshooting

Make sure that no one has mistakenly caused a network loop. A network "loop" simply put is a data connection that logically connects to itself. Network loops will often affect everyone on a school network and cause significant network performance degradation and connectivity issues. Make sure that no one at your local level has modified the network in any way, thus causing a network loop. A visual clue that this has occurred is when the lights on your switch are a solid green rather than flashing green.

Some symptoms of a network loop are:

·  Internet access fails intermittently during the day.

·  Local network performance or Internet access becomes very slow.

·  Workstations cannot connect to servers or lose their connection to servers.

·  Workstations are unable to check email or go to the Internet.

Below are several visual examples of "network loops" which can cause an entire network to fail or at the very least cause intermittent network connectivity for workstations and servers.

For Connectivity Issues

If connectivity (the inability to connect to WAN or Internet resources) becomes a problem, the following connectivity test procedure should be performed:

1. Check to see if www.hbgdiocese.org can be reached. This test is to see if the link to the Diocese HQ is operational.
2. Check to see if www.iu13.org can be reached. This test is to see if the link to IU13 is operational.
3. Check to see if you can access another website such as www.cnn.com or www.usatoday.com. This test is for connectivity to see if Internet is operational.
4. If all sites cannot be accessed, check to see if there are green lights on your router on the front panel as indicated in the figure below for items 1,5,6, and 9:

1. If there are NO green lights present:
2. Check to see if the router power cable is plugged in to the router as noted above as item 3 and to the UPS.
3. Check to see if the UPS has green lights on the front panel as shown below for:
4. Online LED (middle of 3 LEDs immediately to left of Power On and Power Off buttons)
5. Load (far left vertical column of LEDs)
6. Battery (far right vertical column of LEDs)

1. If the UPS and Router do not have power, check to see if the circuit breaker has been blown
2. If this is a recurring issue, then you need to see an electrician regarding an installation of a 120 v, 15 amp dedicated line for the UPS.
3. For WAN remote sites with a dedicated Ethernet WAN connection from Comcast:
4. Check the status of the Comcast Ciena 311v switch:
5. Power Light should be on (Green)
6. Status Light should be on (Green)
7. Comcast Fiber Uplink (Port 28, on Left side of switch)
8. Port 28 (Uplink Port) should have LX light on (showing link) and fiber connected
9. Port 28 TX and RX lights will blink as traffic is passed
10. Customer 10/100 BaseT Copper Ethernet port (port 1, in middle of switch)
11. Copper port 1 is the customer handoff port
12. LED status indicators are on the right side of the switch
13. Link light 1 should be on (shows link) this will blink as traffic is passed.

b.  Once Comcast is called, a call is made to the WAN Coordinator. The WAN Coordinator can be reached at: 717-657-4804 ext. 254. NOTE: You will need to provide the WAN Coordinator with the Comcast ticket number

6.  For WAN remote sites with a VPN connection to the WAN:

1. Check the status of your cable modem indicator lights:
2. Confirm Power is on.
3. Confirm link to the 2921 router is active.
4. Confirm link to the cable service provider is active.
5. Contact the WAN Coordinator. The WAN Coordinator can be reached at: 717-657-4804 ext. 254

For Content Issues

If an entity cannot access an application such as Study Island or Discovery Education but can access the Internet, the School Wide Area Network Coordinator is contacted. The School WAN Coordinator will then contact IU 13 or the entity responsible for supplying the application. When the issue has been resolved, the school will be contacted.

Troubleshooting Support before 8:00am and after 5:00 pm Weekdays and Weekends

If an entity has a problem with connectivity or WAN application access during non-school hours, the entity should call the WAN Coordinator at 717-712-9298 who will open up a help desk ticket and the problem will be addressed in a timely manner.

Configuring Public IP Addresses

Each WAN member is assigned a block of public IP Addresses from IU13’s allocation from the American Registry for Internet Numbers (ARIN).

·  All Public IP Addresses are configured on the IU13 WAN core firewalls, not at the individual WAN remote sites.

·  To add or change a Network Address Translation (NAT) for a public IP Address to be assigned to a particular internal IP address for a remote site, a remote site needs to contact the WAN Coordinator and provide the following information:

o  Internal IP address

o  Public IP address out of the site’s allocation

o  Applicable firewall security ruleset (e.g. permit http traffic in from the Internet for a new webserver),,

o  Any associated external DNS changes

o  Requested implementation timeframe (normal requests should be at least 2 business days in advance of desired implementation date).

Configuring External DNS Entries

IU13 has two external name servers that are used to support external DNS zones for all WAN members, support both forward and reverse zones.

·  To request an external DNS entry change for a zone, a remote site needs to contact the WAN coordinator with and provide the following information:

o  DNS record change type (e.g. Add, Modify, Delete)

§  DNS information to be added/modified/deleted:

·  Text format: Add a new DNS entry for www.abcschool.org using public IP address 1.2.3.4

·  Actual DNS record: Add the following record for zone abcschool.org: www IN A 1.2.3.4

o  Requested implementation timeframe (normal requests should be at least 2 business days in advance of desired implementation date).

Procedural Information

The helpdesk procedure is applicable for users with a diocesan email account. Those users that do not have an account could use . This email contact will alert the IT department of your issue. Follow the steps below when you email the IT department.

The Diocese of Harrisburg’s Help Desk

·  Requests for Assistance
All requests for assistance from the IT Department are required to come through the Help Desk System by manually entering a request to from your diocesan email account with the following information:

o  Request Date

o  Requestor: (Your Name)

o  Phone with extension if applicable

o  Alternate Phone (Cell Phone if applicable)

o  Subject of the Difficulty (ex: Study Island)

o  Priority: Please indicate the urgency of request and a date to be completed

o  Then a detailed explanation of the nature of this help request.

·  The Diocese of Harrisburg’s Email for Remote Users

There are two different ways you can access your Diocesan email account:

Webmail

Open your Internet browser and go to the following web address:
https://webmail.hbgdiocese.org

Enter your Diocesan username and password to login

You now are logged into your Diocesan email

Remote Access

Open your Internet browser and go to the following web address:
https://apps.hbgdiocese.org

Enter your Diocesan username and password to login

Click on Outlook 2007 to open your Diocesan email

NOTE: You will need the Citrix receiver installed for Remote Access

If you have any questions or concerns about any of the information provided on this card please email the helpdesk at or call
717-657-4804 ext 281.

The Diocese of Harrisburg’s Intranet

There are two different ways you can access the Diocesan Intranet:

Remote Access

Open your Internet browser and go to the following web address: https://apps.hbgdiocese.org

Enter your Diocesan username and password to login

Click on Diocesan Intranet

If prompted for username and
password enter HBGDIO\Username and your password

Through the Internet

·Open your Internet browser and go to the following web address:
www.inside.hbgdiocese.org

·Enter your HBGDIO\Username for the username and your Diocesan
password in the password field

·If you do not have a Diocesan
account, enter in the following:

Username: HBGDIO\iguest Password: DioHbg11

· 

Note: The above list will be also on the www.hbgdiocese.org/WAN site.

·  Help Desk Emergency Situations
An emergency is a situation in which you require assistance within the next 10 minutes due to extreme circumstances. Follow up with a phone call to the Diocesan Office (717) 657-4804 with an emergency extension of 281. You will be presented with a menu. When you select ‘1’ for emergency, the call will ring on all IT personnel telephones.

·  Help Desk Hours of Operation
Please remember that although you can enter a request into the system 24 hours a day, 7 days a week, the hours of availability for the IT team are 8:00 am to 5:00 pm Monday through Friday.

Usingthe HelpDesk from your Citrix school/parish’s account

·  Logging In
Open “Internet Explorer” and go to www.help.hbgdiocese.org
Your username is the same as your Citrix username.
Your password is blank the first time you logon or is whatever was provided to you during your account setup.

·  Changing Password
Click on “My Password” to establish a “new” password.
Click on “My Details” to enter your location and telephone number.

·  Additional Assistance
For assistance in using the Help Desk, call the Help Desk directly at 657-4804 ext. 281

Listserv Rules & Etiquette

The Diocese of Harrisburg in partnership with IU 13 has established a listserv for communication between Technology Coordinators, Business Managers, and the Technology Committee of the Diocese. In order to join the Diocesan Listserv’s, contact the Wan Coordinator by sending an email specifically asking for this activity. Include in the body of the email the name of the person and the person’s email.

Emails sent to the Listserv should use the following address.

·  For business managers:

·  For Technology Coordinators:

·  For members of the Technology Team:

Emails sent to the listserv will be stored until the WAN Coordinator review the message. Only when the message is approved by the WAN Coordinator will the entire group receive the email. Do not respond to the actual listserv by respond to the user who sent the email.

By joining the list serve and using these e-mail lists, you agree that you have read and will follow the rules and guidelines below:.

·  Use caution when discussing specific products. Information posted on the lists is available for all to see, and comments are subject to libel, slander, and antitrust laws.

·  All defamatory, abusive, profane, threatening, offensive, or illegal materials are strictly prohibited. Such postings would be immediately deleted by the listserv WAN Coordinator without warning.

·  Please include a signature tag on all messages. Include your name, school/parish, city, and e-mail address.

·  State concisely and clearly the topic of your comments in the subject line. This allows members to respond more appropriately to your posting.

·  Only send a message to the entire list when it contains information that everyone can benefit from.

·  Send messages such as "thanks for the information" or "me, too" to individuals--not to the entire list. Do this by using your e-mail application's forwarding option and typing in or cutting and pasting in the e-mail address of the individual to whom you want to respond.

·  Administrative messages such as “remove me from the list” should be sent to the Wan Coordinator instead to the list serve itself. If you change your email address, send an email to the WAN Coordinator with the information.

·  All posts to the listserv will be monitored by the WAN Coordinator. Posts that are deemed unworthy due to their subject or nature will be deleted by the Wan Coordinator without warning.

Membership Information