Though we currently have enough available routed IP space for our
wireless clients we are looking toward the future and wondering if
NAT-ing the wireless network makes sense.
Does anyone have any experiences, good or bad, using NAT for the
wireless client pool in a large scale environment?
We are considering using MAC authentication to allow users to bypass the
captive portal web login page to access our wireless network. This is
considered sort of a stop-gap measure until 802.1x is fully implemented.
Is anyone maintaining (by harvesting or user-initiated manual entry) a
MAC
Mike,
We have our visitor network on NAT and got an issue recently related
to RIAA (we had about 200 users on it at the time)
The request from RIAA mentioned the IP address, the Application
(GNUTELLA) with the local port and a timestamp.
You can track the user, but it takes an accurate log!
We have been considering something similar. Our thought was to use MAC
authentication via radius to our wired NAC system. The idea being that
if they registered their system then the MAC would be in the database
and they wouldn't get the captive portal at login. (Before I get
flamed, our
Last academic year we ran NAT on our main wireless network. We had
about 13,000 unique users per day and about 8,000 simultaneous
connections at peak times, roughly 95% student traffic. It worked,
but there were a couple of issues for us:
1) Picking the correct NAT box. Catalysts 6500s do
I will offer the caution that in a captive portal, in regard to accountability,
MAC harvesting is an all or nothing proposition. You will be surprised how
often computers are loaned and authenticated using different accounts. If you
harvest for one population, that population will eventually
1. Currently we have users manually register their wireless MAC address, but
from then on they don't see the guest portal, have free access to the internet
(minus port25) but can only do encrypted protocols to campus without VPN. This
was designed to accommodate handheld devices that couldn't
What supervisor were you running in the 6500's ?
-Neil
--
Neil Johnson
Network Engineer
The University of Iowa
W: 319 384-0938
M: 319 540-2081
http://www.uiowa.edu
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL
PROTECTED] On Behalf Of