RE: [WIRELESS-LAN] Private IP space for wireless users- anyone?
We've been using /21's for a couple of years on the wireless and /20's on the wired side for a couple of years now without any real problems. The only feature we've been using on the access points to prevent some of the non-required traffic has been applying ether-type filters to block IPv6, Appletalk, and IPX when we can. We looked at using /22's on the wired side for the residence halls a couple years ago but found a number of games required all clients to be in the same broadcast domain. Patrick Goggins Network Administrator Carroll University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jim Glassford Sent: Monday, March 01, 2010 3:18 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Hi Aaron, I asked about this in April 2008 right before we did our first /21 and had replies of sites using /20s without problems. As David said, "if using cisco wlc, the default behaviour is to block broadcast and multicast traffic from being sent out the WLAN to other wireless client devices". Other vendors may have similar, we have had no problem with /21 on wireless. We do not do this on any wired LAN, just the controller based lwap and now capwap wireless. thanks! jim On 3/1/2010 3:58 PM, Aaron S. Thompson wrote: I'm surprised at the use of such large broadcast domains, 4094 or even 2046 available hosts? We have found domains that large could bring necessary broadcast load on your network gear and client load of having to respond to all the broadcast traffic. Once we identified these potential problems we began deploying /24's. We are using the private address space allocation with PAT. Any other thoughts on broadcast domains? Do others treat the wireless different from the LAN? - Aaron Thompson Network Services Manager Network and Telecommunications Berklee College of Music 1140 Boylston Street, MS-186 NETT Boston, MA 02215-3693 617.747.8656 athomp...@berklee.edu<mailto:athomp...@berklee.edu> www.berklee.edu<http://www.berklee.edu/> On Mar 1, 2010, at 3:15 PM, David Wang wrote: James, if you using cisco wlc, the default behaviour is to block broadcast and multicast traffic from being sent out the WLAN to other wireless client devices. We are using multiple /21 private IPs with NAT. David Wang Networking and Security Services, CCS University of Guelph 519-824-4120 ext 52046 On 2009-12-16, at 10:04 AM, Jamie Savage wrote: Ken, /20 subnets?.I've always been concerned about such a large broadcast domain.iewe've not gone larger than /22. Have you done any special tweaking to facilitate the /20s or have they just worked fine as is? .thx...J James Savage York University Senior Communications Tech. 108 Steacie Building jsav...@yorku.ca<mailto:jsav...@yorku.ca>4700 Keele Street ph: 416-736-2100 ext. 22605Toronto, Ontario fax: 416-736-5830M3J 1P3, CANADA From:Ken LeCompte mailto:lecom...@nbcs.rutgers.edu>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: 12/16/2009 08:11 AM Subject:Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> We are doing NAT/PAT at the edge with a firewall module in a 6500 for our 5000 peak logged in users. We use four /20's to break up those users across our wireless controllers. The wireless users are also not the only ones being NATed at that firewall module. All of the dorm wired users are NATed there too. Thanks. Ken -- Ken LeCompte - Telecommunications Analyst Rutgers University Office of Information Technology Campus Computing Services - Central Systems and Services Office ~ (732) 445-4823 On Dec 15, 2009, at 6:36 AM, Lee H Badman wrote: > Thanks for all of the responses- I wonder if anyone with a peak > usage like ours is doing NAT- almost 6500 clients? > > -Lee > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [wireless-...@listserv.educause.edu<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > ] On Behalf Of Jason Appah [jason.ap...@oit.edu<mailto:jason.ap...@oit.edu>] > Sent: Monday, December 14, 2009 11:03 PM > To: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- > anyone? > > Yes, that is what we do. I just wondered how big if a bear it would be > to track pat in a university wireless environment.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Hi Aaron, I asked about this in April 2008 right before we did our first /21 and had replies of sites using /20s without problems. As David said, "if using cisco wlc, the default behaviour is to block broadcast and multicast traffic from being sent out the WLAN to other wireless client devices". Other vendors may have similar, we have had no problem with /21 on wireless. We do not do this on any wired LAN, just the controller based lwap and now capwap wireless. thanks! jim On 3/1/2010 3:58 PM, Aaron S. Thompson wrote: I'm surprised at the use of such large broadcast domains, 4094 or even 2046 available hosts? We have found domains that large could bring necessary broadcast load on your network gear and client load of having to respond to all the broadcast traffic. Once we identified these potential problems we began deploying /24's. We are using the private address space allocation with PAT. Any other thoughts on broadcast domains? Do others treat the wireless different from the LAN? - Aaron Thompson Network Services Manager Network and Telecommunications Berklee College of Music 1140 Boylston Street, MS-186 NETT Boston, MA 02215-3693 617.747.8656 athomp...@berklee.edu <mailto:athomp...@berklee.edu> www.berklee.edu <http://www.berklee.edu/> On Mar 1, 2010, at 3:15 PM, David Wang wrote: James, if you using cisco wlc, the default behaviour is to block broadcast and multicast traffic from being sent out the WLAN to other wireless client devices. We are using multiple /21 private IPs with NAT. David Wang Networking and Security Services, CCS University of Guelph 519-824-4120 ext 52046 On 2009-12-16, at 10:04 AM, Jamie Savage wrote: Ken, /20 subnets?.I've always been concerned about such a large broadcast domain.iewe've not gone larger than /22. Have you done any special tweaking to facilitate the /20s or have they just worked fine as is? .thx...J James Savage York University Senior Communications Tech. 108 Steacie Building jsav...@yorku.ca <mailto:jsav...@yorku.ca> 4700 Keele Street ph: 416-736-2100 ext. 22605Toronto, Ontario fax: 416-736-5830M3J 1P3, CANADA From: Ken LeCompte <mailto:lecom...@nbcs.rutgers.edu>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: 12/16/2009 08:11 AM Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> We are doing NAT/PAT at the edge with a firewall module in a 6500 for our 5000 peak logged in users. We use four /20's to break up those users across our wireless controllers. The wireless users are also not the only ones being NATed at that firewall module. All of the dorm wired users are NATed there too. Thanks. Ken -- Ken LeCompte - Telecommunications Analyst Rutgers University Office of Information Technology Campus Computing Services - Central Systems and Services Office ~ (732) 445-4823 On Dec 15, 2009, at 6:36 AM, Lee H Badman wrote: > Thanks for all of the responses- I wonder if anyone with a peak > usage like ours is doing NAT- almost 6500 clients? > > -Lee > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu > ] On Behalf Of Jason Appah [jason.ap...@oit.edu] > Sent: Monday, December 14, 2009 11:03 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- > anyone? > > Yes, that is what we do. I just wondered how big if a bear it would be > to track pat in a university wireless environment. > > In a second related note, we recently changed our NAT timeout from 3 > to 2 hours as we were beginning to run out of 1 to 1 NAT ranges > > Sent from my iPhone > > Jason Appah > Systems Administrator > Oregon Tech > > On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" <mailto:p...@stlawu.edu>> wrote: > >> We do 1to1 dynamic NAT on the ASA firewall and log all the >> translations to a syslog server. Easy to get the private ip from >> the log given the time and global ip. It is all we've seen the need >> for to this point. >> Phil >> >> On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: >> >>> Wondering how many other schools are using private IP space for >>> wireless users, how you accomplish the NAT, and what mechanisms you >>> use for user tracking for the private-public mappings for forensic/ >
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
I'm surprised at the use of such large broadcast domains, 4094 or even 2046 available hosts? We have found domains that large could bring necessary broadcast load on your network gear and client load of having to respond to all the broadcast traffic. Once we identified these potential problems we began deploying /24's. We are using the private address space allocation with PAT. Any other thoughts on broadcast domains? Do others treat the wireless different from the LAN? - Aaron Thompson Network Services Manager Network and Telecommunications Berklee College of Music 1140 Boylston Street, MS-186 NETT Boston, MA 02215-3693 617.747.8656 athomp...@berklee.edu www.berklee.edu On Mar 1, 2010, at 3:15 PM, David Wang wrote: > James, if you using cisco wlc, the default behaviour is to block broadcast > and multicast traffic from being sent out the WLAN to other wireless client > devices. We are using multiple /21 private IPs with NAT. > > David Wang > Networking and Security Services, CCS > University of Guelph 519-824-4120 ext 52046 > > On 2009-12-16, at 10:04 AM, Jamie Savage wrote: > > Ken, > /20 subnets?.I've always been concerned about such a large > broadcast domain.iewe've not gone larger than /22. Have you done any > special tweaking to facilitate the /20s or have they just worked fine as is? > > .thx...J > > James Savage York University > Senior Communications Tech. 108 Steacie Building > jsav...@yorku.ca4700 Keele Street > ph: 416-736-2100 ext. 22605Toronto, Ontario > fax: 416-736-5830M3J 1P3, CANADA > > > > From:Ken LeCompte > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Date: 12/16/2009 08:11 AM > Subject:Re: [WIRELESS-LAN] Private IP space for wireless users- > anyone? > Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv > > > > > We are doing NAT/PAT at the edge with a firewall module in a 6500 for > our 5000 peak logged in users. We use four /20's to break up those > users across our wireless controllers. The wireless users are also not > the only ones being NATed at that firewall module. All of the dorm > wired users are NATed there too. > > Thanks. > > Ken > > -- > Ken LeCompte - Telecommunications Analyst > Rutgers University Office of Information Technology > Campus Computing Services - Central Systems and Services > Office ~ (732) 445-4823 > > On Dec 15, 2009, at 6:36 AM, Lee H Badman wrote: > > > Thanks for all of the responses- I wonder if anyone with a peak > > usage like ours is doing NAT- almost 6500 clients? > > > > -Lee > > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > > [wireless-...@listserv.educause.edu > > ] On Behalf Of Jason Appah [jason.ap...@oit.edu] > > Sent: Monday, December 14, 2009 11:03 PM > > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- > > anyone? > > > > Yes, that is what we do. I just wondered how big if a bear it would be > > to track pat in a university wireless environment. > > > > In a second related note, we recently changed our NAT timeout from 3 > > to 2 hours as we were beginning to run out of 1 to 1 NAT ranges > > > > Sent from my iPhone > > > > Jason Appah > > Systems Administrator > > Oregon Tech > > > > On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > > > >> We do 1to1 dynamic NAT on the ASA firewall and log all the > >> translations to a syslog server. Easy to get the private ip from > >> the log given the time and global ip. It is all we've seen the need > >> for to this point. > >> Phil > >> > >> On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > >> > >>> Wondering how many other schools are using private IP space for > >>> wireless users, how you accomplish the NAT, and what mechanisms you > >>> use for user tracking for the private-public mappings for forensic/ > >>> investigatory purposes. > >>> > >>> Thanks- > >>> > >>> Lee > >>> ** > >>> Participation and subscription information for this EDUCAUSE > >>> Constituent Group discussion list can be found at > >>> http://www.educause.edu/groups/ > >>> . > >> > >> ** > >> Par
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Lee, On 15/12/2009 01:55, Lee H Badman wrote: > Wondering how many other schools are using private IP space for > wireless users, how you accomplish the NAT, and what mechanisms > you use for user tracking for the private-public mappings for > forensic/investigatory purposes. (sorry for v. late thread response, just getting back to the list after some time off) Our wireless services use RFC1918 and route back to a pair of Linux-based routing firewalls running in failover, doing NAT. Nothing particularly special there. We did develop some software in-house to create NetFlow v5 from the NAT taking place on those boxes, which allows quite easy tracing of user activity: http://search.cpan.org/perldoc?Net::Netfilter::NetFlow HTH, oliver. - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktGPZUACgkQ2NPq7pwWBt5NCwCePDTVkADCjMLkybQqrKeiYN2Y aHYAn1t2x/ubRsIz2FRIvHF01LJtILZe =X2r3 -END PGP SIGNATURE- ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Jamie, We have a Bluesocket/Meru implementation. Both companies perform broadcast suppression by using proxy ARP at the access points. Meru also converts a lot of broadcast frames into unicast at the access point for the same reason. In any event, I was apprehensive about the move initially, but the claims seem accurate as the broadcast traffic seems quite limited at individual clients. Thanks. Ken -- Ken LeCompte - Telecommunications Analyst Rutgers University Office of Information Technology Campus Computing Services - Central Systems and Services Office ~ (732) 445-4823 On Dec 16, 2009, at 10:04 AM, Jamie Savage wrote: Ken, /20 subnets?.I've always been concerned about such a large broadcast domain.iewe've not gone larger than /22. Have you done any special tweaking to facilitate the /20s or have they just worked fine as is? .thx...J James Savage York University Senior Communications Tech. 108 Steacie Building jsav...@yorku.ca4700 Keele Street ph: 416-736-2100 ext. 22605Toronto, Ontario fax: 416-736-5830M3J 1P3, CANADA From:Ken LeCompte To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date:12/16/2009 08:11 AM Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv We are doing NAT/PAT at the edge with a firewall module in a 6500 for our 5000 peak logged in users. We use four /20's to break up those users across our wireless controllers. The wireless users are also not the only ones being NATed at that firewall module. All of the dorm wired users are NATed there too. Thanks. Ken -- Ken LeCompte - Telecommunications Analyst Rutgers University Office of Information Technology Campus Computing Services - Central Systems and Services Office ~ (732) 445-4823 On Dec 15, 2009, at 6:36 AM, Lee H Badman wrote: > Thanks for all of the responses- I wonder if anyone with a peak > usage like ours is doing NAT- almost 6500 clients? > > -Lee > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu > ] On Behalf Of Jason Appah [jason.ap...@oit.edu] > Sent: Monday, December 14, 2009 11:03 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- > anyone? > > Yes, that is what we do. I just wondered how big if a bear it would be > to track pat in a university wireless environment. > > In a second related note, we recently changed our NAT timeout from 3 > to 2 hours as we were beginning to run out of 1 to 1 NAT ranges > > Sent from my iPhone > > Jason Appah > Systems Administrator > Oregon Tech > > On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > >> We do 1to1 dynamic NAT on the ASA firewall and log all the >> translations to a syslog server. Easy to get the private ip from >> the log given the time and global ip. It is all we've seen the need >> for to this point. >> Phil >> >> On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: >> >>> Wondering how many other schools are using private IP space for >>> wireless users, how you accomplish the NAT, and what mechanisms you >>> use for user tracking for the private-public mappings for forensic/ >>> investigatory purposes. >>> >>> Thanks- >>> >>> Lee >>> ** >>> Participation and subscription information for this EDUCAUSE >>> Constituent Group discussion list can be found at http://www.educause.edu/groups/ >>> . >> >> ** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at http://www.educause.edu/groups/ >> . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/groups/ > . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Ken, /20 subnets?.I've always been concerned about such a large broadcast domain.iewe've not gone larger than /22. Have you done any special tweaking to facilitate the /20s or have they just worked fine as is? .thx...J James Savage York University Senior Communications Tech. 108 Steacie Building jsav...@yorku.ca4700 Keele Street ph: 416-736-2100 ext. 22605Toronto, Ontario fax: 416-736-5830M3J 1P3, CANADA From: Ken LeCompte To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: 12/16/2009 08:11 AM Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv We are doing NAT/PAT at the edge with a firewall module in a 6500 for our 5000 peak logged in users. We use four /20's to break up those users across our wireless controllers. The wireless users are also not the only ones being NATed at that firewall module. All of the dorm wired users are NATed there too. Thanks. Ken -- Ken LeCompte - Telecommunications Analyst Rutgers University Office of Information Technology Campus Computing Services - Central Systems and Services Office ~ (732) 445-4823 On Dec 15, 2009, at 6:36 AM, Lee H Badman wrote: > Thanks for all of the responses- I wonder if anyone with a peak > usage like ours is doing NAT- almost 6500 clients? > > -Lee > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu > ] On Behalf Of Jason Appah [jason.ap...@oit.edu] > Sent: Monday, December 14, 2009 11:03 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- > anyone? > > Yes, that is what we do. I just wondered how big if a bear it would be > to track pat in a university wireless environment. > > In a second related note, we recently changed our NAT timeout from 3 > to 2 hours as we were beginning to run out of 1 to 1 NAT ranges > > Sent from my iPhone > > Jason Appah > Systems Administrator > Oregon Tech > > On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > >> We do 1to1 dynamic NAT on the ASA firewall and log all the >> translations to a syslog server. Easy to get the private ip from >> the log given the time and global ip. It is all we've seen the need >> for to this point. >> Phil >> >> On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: >> >>> Wondering how many other schools are using private IP space for >>> wireless users, how you accomplish the NAT, and what mechanisms you >>> use for user tracking for the private-public mappings for forensic/ >>> investigatory purposes. >>> >>> Thanks- >>> >>> Lee >>> ** >>> Participation and subscription information for this EDUCAUSE >>> Constituent Group discussion list can be found at http://www.educause.edu/groups/ >>> . >> >> ** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at http://www.educause.edu/groups/ >> . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/groups/ > . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
We are doing NAT/PAT at the edge with a firewall module in a 6500 for our 5000 peak logged in users. We use four /20's to break up those users across our wireless controllers. The wireless users are also not the only ones being NATed at that firewall module. All of the dorm wired users are NATed there too. Thanks. Ken -- Ken LeCompte - Telecommunications Analyst Rutgers University Office of Information Technology Campus Computing Services - Central Systems and Services Office ~ (732) 445-4823 On Dec 15, 2009, at 6:36 AM, Lee H Badman wrote: Thanks for all of the responses- I wonder if anyone with a peak usage like ours is doing NAT- almost 6500 clients? -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu ] On Behalf Of Jason Appah [jason.ap...@oit.edu] Sent: Monday, December 14, 2009 11:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Yes, that is what we do. I just wondered how big if a bear it would be to track pat in a university wireless environment. In a second related note, we recently changed our NAT timeout from 3 to 2 hours as we were beginning to run out of 1 to 1 NAT ranges Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: We do 1to1 dynamic NAT on the ASA firewall and log all the translations to a syslog server. Easy to get the private ip from the log given the time and global ip. It is all we've seen the need for to this point. Phil On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: Wondering how many other schools are using private IP space for wireless users, how you accomplish the NAT, and what mechanisms you use for user tracking for the private-public mappings for forensic/ investigatory purposes. Thanks- Lee ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Hey Lee, We have approximately 8200 users during peak times but that is split between two SSIDs. For our secure SSID we are authenticating using Cisco ACS which we are logging, this gives us the NetID (username) to 10net address. We are doing our PAT at the border firewall which is logging the translations. Holler if you need further info. Ken Ken Boynton Communications Network Analyst, Sr. UITS-IS-CID-NetOps University of Arizona 520.621.5640 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Tuesday, December 15, 2009 4:36 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Thanks for all of the responses- I wonder if anyone with a peak usage like ours is doing NAT- almost 6500 clients? -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Jason Appah [jason.ap...@oit.edu] Sent: Monday, December 14, 2009 11:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Yes, that is what we do. I just wondered how big if a bear it would be to track pat in a university wireless environment. In a second related note, we recently changed our NAT timeout from 3 to 2 hours as we were beginning to run out of 1 to 1 NAT ranges Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > We do 1to1 dynamic NAT on the ASA firewall and log all the > translations to a syslog server. Easy to get the private ip from > the log given the time and global ip. It is all we've seen the need > for to this point. > Phil > > On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > >> Wondering how many other schools are using private IP space for >> wireless users, how you accomplish the NAT, and what mechanisms you >> use for user tracking for the private-public mappings for forensic/ >> investigatory purposes. >> >> Thanks- >> >> Lee >> ** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at http://www.educause.edu/groups/ >> . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Careful what you wish for..I can recall installing my first AP and wishing/watching for days until I got my first wireless user..now I wish they'd get lost!...;+) We peak at approx. 6000 IPs dhcp'd out but only approx 80% of those IPs are actually used. The rest are sucked up by devices whose radios are simply powered on. We still assign public IPs and are good for a while yet but there may come a day when PAT will be necessary. We try to make our subnets as large as we dare. Eg. A /22 subnet facilitates a more efficient use of IPs than 4 /24s. ..J James Savage York University Senior Communications Tech. 108 Steacie Building jsav...@yorku.ca4700 Keele Street ph: 416-736-2100 ext. 22605Toronto, Ontario fax: 416-736-5830M3J 1P3, CANADA From: Jason Appah To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: 12/15/2009 11:00 AM Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv I wish we had your volume, 650 peak -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [ mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Tuesday, December 15, 2009 3:36 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Thanks for all of the responses- I wonder if anyone with a peak usage like ours is doing NAT- almost 6500 clients? -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Jason Appah [jason.ap...@oit.edu] Sent: Monday, December 14, 2009 11:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Yes, that is what we do. I just wondered how big if a bear it would be to track pat in a university wireless environment. In a second related note, we recently changed our NAT timeout from 3 to 2 hours as we were beginning to run out of 1 to 1 NAT ranges Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > We do 1to1 dynamic NAT on the ASA firewall and log all the > translations to a syslog server. Easy to get the private ip from > the log given the time and global ip. It is all we've seen the need > for to this point. > Phil > > On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > >> Wondering how many other schools are using private IP space for >> wireless users, how you accomplish the NAT, and what mechanisms you >> use for user tracking for the private-public mappings for forensic/ >> investigatory purposes. >> >> Thanks- >> >> Lee >> ** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at http://www.educause.edu/groups/ >> . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Private IP space for wireless users- anyone?
I wish we had your volume, 650 peak -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Tuesday, December 15, 2009 3:36 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Thanks for all of the responses- I wonder if anyone with a peak usage like ours is doing NAT- almost 6500 clients? -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Jason Appah [jason.ap...@oit.edu] Sent: Monday, December 14, 2009 11:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Yes, that is what we do. I just wondered how big if a bear it would be to track pat in a university wireless environment. In a second related note, we recently changed our NAT timeout from 3 to 2 hours as we were beginning to run out of 1 to 1 NAT ranges Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > We do 1to1 dynamic NAT on the ASA firewall and log all the > translations to a syslog server. Easy to get the private ip from > the log given the time and global ip. It is all we've seen the need > for to this point. > Phil > > On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > >> Wondering how many other schools are using private IP space for >> wireless users, how you accomplish the NAT, and what mechanisms you >> use for user tracking for the private-public mappings for forensic/ >> investigatory purposes. >> >> Thanks- >> >> Lee >> ** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/ >> . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Our usage is peaking around 3600 right now. We have been trying to come up with some kind of a NAT solution since that number is only going to go up, and quickly because we're working on tripling our number of wireless access points. We don't have a good solution yet but I wanted to let you know you're not the only ones in that boat. If we do find a viable solution I'll share here. Thanks, -- Brandon Case, CCNA Network Engineer, ITaP Purdue University ca...@purdue.edu Office: (765)49-67096 Mobile: (765)479-7597 Fax:(765)49-46620 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Tuesday, December 15, 2009 6:36 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Thanks for all of the responses- I wonder if anyone with a peak usage like ours is doing NAT- almost 6500 clients? -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Jason Appah [jason.ap...@oit.edu] Sent: Monday, December 14, 2009 11:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Yes, that is what we do. I just wondered how big if a bear it would be to track pat in a university wireless environment. In a second related note, we recently changed our NAT timeout from 3 to 2 hours as we were beginning to run out of 1 to 1 NAT ranges Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > We do 1to1 dynamic NAT on the ASA firewall and log all the > translations to a syslog server. Easy to get the private ip from > the log given the time and global ip. It is all we've seen the need > for to this point. > Phil > > On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > >> Wondering how many other schools are using private IP space for >> wireless users, how you accomplish the NAT, and what mechanisms you >> use for user tracking for the private-public mappings for forensic/ >> investigatory purposes. >> >> Thanks- >> >> Lee >> ** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/ >> . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Hector, How much disk space are you using for the 30 days of log? Just curious. Lee, we are doing PAT at our border with 4 public IPs. I think during peak usage we might have 2000 simultaneous connections, but the usual is probably closer to 1500 . -- Heath Barnhart Asst. Systems and Networking Admin Information Systems and Services Washburn University Topeka, KS 66621 Hector J Rios wrote: Lee, We use private IPs, we PAT at the border and we log all transactions on a Juniper firewall so that we can keep a log of the private-to-public translations. We keep 30 days of logs right now. We are buying more disk space to save up to 90 days. It's been very effective. As a side note, we would not be able to maintain our wireless if we did not have a private IP space. Just this semester we had to increase the IP subnet for our library. On finals week we saw over 800 users!! Thanks, Hector Rios Louisiana State University -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Monday, December 14, 2009 7:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Private IP space for wireless users- anyone? Wondering how many other schools are using private IP space for wireless users, how you accomplish the NAT, and what mechanisms you use for user tracking for the private-public mappings for forensic/investigatory purposes. Thanks- Lee ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
The only problem we ran into were a couple of websites blocking us because to the it would look like a DOS attack. After contacting the sites and notifying them that the single ip they were seeing was just the public ip for the NAT network. ~Patrick Sent from my iPhone On Dec 15, 2009, at 5:36 AM, "Lee H Badman" wrote: > Thanks for all of the responses- I wonder if anyone with a peak > usage like ours is doing NAT- almost 6500 clients? > > -Lee > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [wireless-...@listserv.educause.edu] On Behalf Of Jason Appah > [jason.ap...@oit.edu] > Sent: Monday, December 14, 2009 11:03 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- > anyone? > > Yes, that is what we do. I just wondered how big if a bear it would be > to track pat in a university wireless environment. > > In a second related note, we recently changed our NAT timeout from 3 > to 2 hours as we were beginning to run out of 1 to 1 NAT ranges > > Sent from my iPhone > > Jason Appah > Systems Administrator > Oregon Tech > > On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > >> We do 1to1 dynamic NAT on the ASA firewall and log all the >> translations to a syslog server. Easy to get the private ip from >> the log given the time and global ip. It is all we've seen the need >> for to this point. >> Phil >> >> On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: >> >>> Wondering how many other schools are using private IP space for >>> wireless users, how you accomplish the NAT, and what mechanisms you >>> use for user tracking for the private-public mappings for forensic/ >>> investigatory purposes. >>> >>> Thanks- >>> >>> Lee >>> ** >>> Participation and subscription information for this EDUCAUSE >>> Constituent Group discussion list can be found at >>> http://www.educause.edu/groups/ >>> . >> >> ** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/ >> . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ > . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Thanks for all of the responses- I wonder if anyone with a peak usage like ours is doing NAT- almost 6500 clients? -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Jason Appah [jason.ap...@oit.edu] Sent: Monday, December 14, 2009 11:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Yes, that is what we do. I just wondered how big if a bear it would be to track pat in a university wireless environment. In a second related note, we recently changed our NAT timeout from 3 to 2 hours as we were beginning to run out of 1 to 1 NAT ranges Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > We do 1to1 dynamic NAT on the ASA firewall and log all the > translations to a syslog server. Easy to get the private ip from > the log given the time and global ip. It is all we've seen the need > for to this point. > Phil > > On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > >> Wondering how many other schools are using private IP space for >> wireless users, how you accomplish the NAT, and what mechanisms you >> use for user tracking for the private-public mappings for forensic/ >> investigatory purposes. >> >> Thanks- >> >> Lee >> ** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/ >> . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Yes, that is what we do. I just wondered how big if a bear it would be to track pat in a university wireless environment. In a second related note, we recently changed our NAT timeout from 3 to 2 hours as we were beginning to run out of 1 to 1 NAT ranges Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" wrote: > We do 1to1 dynamic NAT on the ASA firewall and log all the > translations to a syslog server. Easy to get the private ip from > the log given the time and global ip. It is all we've seen the need > for to this point. > Phil > > On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > >> Wondering how many other schools are using private IP space for >> wireless users, how you accomplish the NAT, and what mechanisms you >> use for user tracking for the private-public mappings for forensic/ >> investigatory purposes. >> >> Thanks- >> >> Lee >> ** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/ >> . > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Private IP space for wireless users- anyone?
The timestamp allows it to narrow it down to a user. Hector -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jason Appah Sent: Monday, December 14, 2009 8:22 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? How does the user tracking work with pat? usually when we get a dmca or virus or spam it doesn't come with a port? Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:09 PM, "Hector J Rios" wrote: > Lee, > > We use private IPs, we PAT at the border and we log all transactions > on a Juniper firewall so that we can keep a log of the > private-to-public translations. We keep 30 days of logs right now. We > are buying more disk space to save up to 90 days. > > It's been very effective. As a side note, we would not be able to > maintain our wireless if we did not have a private IP space. Just this > semester we had to increase the IP subnet for our library. On finals > week we saw over 800 users!! > > Thanks, > > Hector Rios > Louisiana State University > > -Original Message- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman > Sent: Monday, December 14, 2009 7:55 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: [WIRELESS-LAN] Private IP space for wireless users- anyone? > > Wondering how many other schools are using private IP space for > wireless users, how you accomplish the NAT, and what mechanisms you > use for user tracking for the private-public mappings for > forensic/investigatory purposes. > > Thanks- > > Lee > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
We do 1to1 dynamic NAT on the ASA firewall and log all the translations to a syslog server. Easy to get the private ip from the log given the time and global ip. It is all we've seen the need for to this point. Phil On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > Wondering how many other schools are using private IP space for wireless > users, how you accomplish the NAT, and what mechanisms you use for user > tracking for the private-public mappings for forensic/investigatory purposes. > > Thanks- > > Lee > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
How does the user tracking work with pat? usually when we get a dmca or virus or spam it doesn't come with a port? Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:09 PM, "Hector J Rios" wrote: > Lee, > > We use private IPs, we PAT at the border and we log all transactions > on > a Juniper firewall so that we can keep a log of the private-to-public > translations. We keep 30 days of logs right now. We are buying more > disk > space to save up to 90 days. > > It's been very effective. As a side note, we would not be able to > maintain our wireless if we did not have a private IP space. Just this > semester we had to increase the IP subnet for our library. On finals > week we saw over 800 users!! > > Thanks, > > Hector Rios > Louisiana State University > > -Original Message- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman > Sent: Monday, December 14, 2009 7:55 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: [WIRELESS-LAN] Private IP space for wireless users- anyone? > > Wondering how many other schools are using private IP space for > wireless users, how you accomplish the NAT, and what mechanisms you > use > for user tracking for the private-public mappings for > forensic/investigatory purposes. > > Thanks- > > Lee > ** > Participation and subscription information for this EDUCAUSE > Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ > . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Lee, We use private IPs, we PAT at the border and we log all transactions on a Juniper firewall so that we can keep a log of the private-to-public translations. We keep 30 days of logs right now. We are buying more disk space to save up to 90 days. It's been very effective. As a side note, we would not be able to maintain our wireless if we did not have a private IP space. Just this semester we had to increase the IP subnet for our library. On finals week we saw over 800 users!! Thanks, Hector Rios Louisiana State University -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Monday, December 14, 2009 7:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Private IP space for wireless users- anyone? Wondering how many other schools are using private IP space for wireless users, how you accomplish the NAT, and what mechanisms you use for user tracking for the private-public mappings for forensic/investigatory purposes. Thanks- Lee ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.