Network and Wireless

CSAIL Network

TIG provides network support throughout the Stata Center (except Student Street and certain underground areas). The CSAIL wireless network serves all floors in the Gates tower and CSAIL areas in the Dreyfoos tower (D5 and below), but does not serve first-floor classrooms or Student Street.

Network Infrastructure

The CSAIL network provides gigabit Ethernet at a density of one port per 25 square feet of office space, for a total of approximately 4,000 gigabit network ports.

Backbone: 100-gigabit Ethernet with two redundant switches and a 200 Gbit/s link between core switches.

External connectivity: 10 Gbit/s aggregate, plus a private 10-gigabit link to the Massachusetts Green High-Performance Computing Center in Holyoke with layer-3 redundancy.

Getting Connected

Wired: Blue-colored data jacks in offices and open lab areas are live by default. Just plug in an ethernet cable. DHCP provides IP address, DNS, and netmask automatically. (We can provide a cable if needed.)

Wireless: Connect to CSAIL Wireless or CSAILPrivate (required for printing).

No registration needed. Your device will connect to the network immediately upon plugging in or connecting wirelessly.

Firewall

Most of the CSAIL network is behind a stateful firewall. Unlike most organizations, our policy is to permit traffic by default: once you connect, your device is on the public Internet and subject to continuous exploration and attack.

We block services and protocols that cannot be practically secured. We also block many remote login services (SSH, Remote Desktop, VNC) to limit brute-force attacks. These are allowed for campus VPN users.

See Port filtering and SSH access for more information.

Static IP Addresses

Wired Network

To request a static IP address:

1. Register a hostname in WebDNS (CSAIL login required) using the WebDNS Users Guide
2. WebDNS will assign you a static IP address
3. Register your MAC address in DHREG (CSAIL login required) for that IP address

CSAILPrivate Network

Devices on CSAILPrivate can have static IPs in the “CSAIL private wireless” range (128.30.8.0/22):

1. Register a domain name in WebDNS
2. Register the IP address in DHREG
3. Configure your device with the assigned address

Switching from old wireless: If you’re moving from the old StataCenter wireless network, delete old entries in WebDNS and DHREG, then re-register for a new IP in the “CSAIL private wireless” range. Allow an hour for changes to take effect.

Naming suggestion: Consider names like csaillogin-devicetype.csail.mit.edu (e.g., jsekora-laptop.csail.mit.edu) to help identify your devices.

DNS, DHCP & Wireless

DNS:

• WebDNS (CSAIL login required)
• WebDNS Users Guide
• CSAIL Host Registration Policy
• Name Server List
• DNS Security

DHCP:

• DHREG (CSAIL login required)

Wireless:

• CSAIL Wireless information
• Connecting to CSAILPrivate
• Connecting your own wireless access point

Remote Access

CSAIL provides multiple methods for secure remote access to systems on the CSAIL network.

SSH (Recommended)

SSH access is the recommended method for remote access to CSAIL systems.

Key points:

• DUO Multi-Factor Authentication required (as of August 5, 2025)
• Use the CSAIL jump host (jump.csail.mit.edu) to access systems from
• IDEs and tools that use SSH (VSCode, Cursor, PuTTY) require special configuration — see SSH documentation for details

For complete SSH setup and troubleshooting, see the SSH access page.

Campus VPN

Campus VPN provides an alternative to the jump host for remote access.

Note: VPN connections receive a MITnet IP address (not a CSAIL address) and do not completely bypass the firewall. Not all applications are automatically permitted from the VPN.