Devices can access the institute network in various ways.
If your device is located outside the IBR network in terms of network topology (regardless of whether it is wired, Wi-Fi, or mobile) and has an Internet connection, all access to IBR services and systems is routed through the IBR firewall. The firewall is configured as opt-in, i.e., only a few services that are deliberately offered to the outside world are accessible in this way.
The institute's rooms have numerous RJ45 connections on the walls and in the floor, most of which provide direct access to the IBR's standard VLAN ibr-misc. Currently, no authentication is required here, but your device needs to be registered! Depending on whether the device is known in LDAP, a DHCP IPv4 address is assigned from various subnets, some with public addresses, some with private addresses that are NATed by the firewall. IPv6 is also always available via SLAAC.
Some of the RJ45 ports are not connected to the network but are intended for telephone devices. In the worst case, computers connected here could be damaged.
The generally recommended way to use Wi-Fi at TU Braunschweig is via the GITZ Wi-Fi service, preferably via the "eduroam" service, which can also be used at many other European universities once it has been configured correctly.
Employees are usually enabled for the GITZ “Institute Wi-Fi” service by the IT coordinator (primarily Frank). This means that instead of logging in as user@tu-braunschweig.de, you can now log in as user#intern@tu-braunschweig.de, which connects your device directly to the IBR VLAN rather than to the GITZ pool subnet.
This VLAN access is not available outside TU Braunschweig: at other universities, your device is an “external” client of the IBR network even with this login (see above).
Multicast is currently not possible in eduroam, so service discovery (finding printers, finding the Apple TV in the seminar room) will unfortunately not work there.
TBD. Only within the scope of research projects for devices that cannot use eduroam.
The controller runs on https://gbase.ibr.cs.tu-bs.de. Currently, 10 APs are permanently in operation. An outdoor AP can be put into operation if necessary. It requires a PoE injector. These parts and other currently unused GBASE/Unifi hardware are located in IZ 142 (Techniklager).
During the summer of 2025, network access has been restricted for devices that are unknown in the local directory service. For security reasons, it is no longer acceptable to provide network connectivity to completely unknown devices. However, there are ways to register not only IBR work devices but also private devices based on their MAC address. This will enable us to contact the right people promptly in the event of any anomalies in the future.
Currently, the command ibr-netguests displays a list of all currently “unknown” devices. If you recognize one of them as your own private device, you can register it by following the help text that the command also displays.
Many modern devices randomize their MAC address for privacy reasons (mostly mobile phones in Wi-Fi networks). Obviously, you would lose network access when your device's MAC differs from the one registered at the IBR. Therefore, you need to either use your hardware MAC or set a randomized but static MAC.
Every work device should have a host record in our LDAP. Host records have a macAddress attribute for the primary MAC address. In addition, any number of MAC addresses for additional interfaces can be stored in ibrSecondaryMacAddress.
If the host does not yet exist, it must of course be created first. Changes can only be made by the supervisor of a host.
$ dirac
dirac - IBR directory access tool (0.1, 2025-03-20)
https://gitlab.ibr.cs.tu-bs.de/steinb/dirac
[1] IBR:IBRUser steinb > hosts
[2] IBR: 247 IBRHosts > create
Hostname: project-foo-pc
MAC address: 00:00:00:00:00:0f
Initial expire date (YYYY-MM-DD) [2025-08-01]: 2025-12-31
Supervisor username (must be a member of mitarb) [steinb]:
creating cn=project-foo-pc,ou=computers,dc=ibr,dc=cs,dc=tu-bs,dc=de
synchronous create result: success
[3] IBR:IBRHost notebook-steinb > exit
$ dirac
dirac - IBR directory access tool (0.1, 2025-03-20)
https://gitlab.ibr.cs.tu-bs.de/steinb/dirac
[1] IBR:IBRUser steinb > host notebook-steinb
[2] IBR:IBRHost notebook-steinb > set macAddress 38:f9:d3:e5:14:55
modifying cn=notebook-steinb,ou=computers,dc=ibr,dc=cs,dc=tu-bs,dc=de (2 changes)
modify result: success
[3] IBR:IBRHost notebook-steinb > exit
Every user (including students) can store any number of MAC addresses for personal devices in their personal LDAP user record in ibrPrivateMacAddress. These can then be used in Ethernet and, if necessary, in GBASE Wi-Fi.
Detailed instructions: Registering Private Network Clients
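An added example, not part of the original page or of the dirac tool: a check that matches an observed MAC against the three directory attributes named above regardless of notation, and flags unregistered addresses whose locally administered bit is set, which is the bit randomized MACs use. The in-memory records, the user DN and all MAC values other than 38:f9:d3:e5:14:55 are constructed for illustration.

```python
import re

# Attribute names come from the page; the records below are constructed samples.
MAC_ATTRS = ("macAddress", "ibrSecondaryMacAddress", "ibrPrivateMacAddress")
SAMPLE_ENTRIES = [
    {"dn": "cn=notebook-steinb,ou=computers,dc=ibr,dc=cs,dc=tu-bs,dc=de",
     "macAddress": ["38:f9:d3:e5:14:55"],
     "ibrSecondaryMacAddress": ["38-F9-D3-E5-14-56"]},      # constructed value
    {"dn": "uid=example-user,ou=people,dc=example,dc=org",  # hypothetical DN
     "ibrPrivateMacAddress": ["DAA1.1900.0001"]},           # constructed value
]

def normalize_mac(text):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the U/L bit (0x02 of the first octet) is set, as in randomized MACs."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def find_registrations(mac, entries):
    """Return (dn, attribute) pairs that store this MAC in any notation."""
    wanted = normalize_mac(mac)
    return [(entry["dn"], attr)
            for entry in entries
            for attr in MAC_ATTRS
            for stored in entry.get(attr, [])
            if normalize_mac(stored) == wanted]

def classify(mac, entries):
    """Return 'known', 'unknown-randomized' or 'unknown-hardware' for an observed MAC."""
    if find_registrations(mac, entries):
        return "known"
    # An unregistered locally administered address will not stay matched to a
    # record unless the device is set to keep it static, as the page requires.
    return "unknown-randomized" if is_locally_administered(mac) else "unknown-hardware"

if __name__ == "__main__":
    for seen in ("38F9.D3E5.1455", "da:a1:19:00:00:01", "5e:12:34:56:78:9a",
                 "00:11:22:33:44:55"):
        print(seen, classify(seen, SAMPLE_ENTRIES), find_registrations(seen, SAMPLE_ENTRIES))
```

A set locally administered bit does not prove randomization (virtual machines and manually assigned addresses set it too), so the "unknown-randomized" result is a hint for the device owner, not a verdict.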
If external access to the internal network is still required, OpenVPN can be used.
Starting on 2025-07-11, only known devices will be granted access to GBASE. Unknown devices will then be excluded from GBASE.
Starting on 2025-08-01, unknown devices will no longer be routed to the Internet via NAT in Ethernet. Unknown devices will then only be able to communicate within the IBR LAN.
Please refrain from changing your MAC address in order to gain access. We do not want to deny you access, but simply to make it easier to identify devices in case of problems. If you do not know how to register your devices, please contact Frank.
(Diagrams from the presentation at PhD retreat 2024, see also /ibr/doc/retreat/2024-cm/)
Update 2024-11: The switches in the Informatikzentrum were upgraded at the end of 2024. Now, some ports can operate at up to 5 Gbit/s. The uplinks in the basement consist of 2 * 25 Gbit/s. Lines leave the building in the direction of GITZ and the Altbau, also with 2 * 25 Gbit/s each. Uplinks to the Internet and DFN currently have 2 * 10 Gbit/s.