Re: [WIRELESS-LAN] NAT in large scale wireless networks
Stan... Since we've touched on Aruba and SyslogI have a question... We too are an Aruba shop, and do push info to a syslog server. In previous code 2.x, as you mentioned, an authentication log would include username, mac, IP, and APbut since we've upgraded to 3.x, it seems the username and mac/IP have been separated and are no longer tied together. I do get username authentications, and mac/IP info, but I have no way of tying them together... What ver code are you running and/or do you have the same issue ? Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Brooks, Stan [EMAIL PROTECTED] Date: Thursday, July 3, 2008 5:39 pm Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Greg, Depending on the code version, you can set the logging levels to capture user associations and authentications to a syslog server. The data logged includes the location name/group of the AP the user connected to, the SSID, along with the user's MAC, IP and user ID. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: [EMAIL PROTECTED] GoogleTalk: [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Scholz, Greg Sent: Thursday, July 03, 2008 8:55 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks Stan, Can you tell me what type of location information you get and from what log? 802.1x/WPA-Enterprise, so we have usernames and locations in our logs We are trying to figure out if there is a way to determine what APs user are/have been on but all we have seen in the radius logs is the controller as the NAS. Thanks, Greg -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Brooks, Stan Sent: Wednesday, July 02, 2008 6:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks Mike, We, too, are an Aruba shop, and have been doing NAT on our academic and ResNet wireless networks for about a year now. Two years ago, we ran out of IP addresses on our wireless network on Move-In Weekend and had to scramble to add additional subnets - a scarce commodity here at Emory. To prevent that from happening last year, we implemented NAT for our wireless clients and now have plenty of address space for our growing user base. We let the Aruba controllers perform the NAT function (very easy to set up - just a firewall rule in the user role in the Aruba config). We've not had any complaints from users regarding NAT issues; we were concerned that it might break some apps, but no problems have been observed or reported. We've even got our homegrown NAC (NetReg/CAT) working over the wireless, too - NetReg DHCP traffic is not NAT'ed, but all other traffic is. This all works great, thanks to the Aruba capabilities. The only issue we've had with NAT have been voiced by Philippe - DCMA notices are hard to isolate. Our wired network has some protection in place to identify and reduce peer-to-peer traffic (Tipping Points), so we don't generally get a lot of notices. User tracking and RF location still works well as those are functions of the radio and authentication subsystems. Our academic users log on using 802.1x/WPA-Enterprise, so we have usernames and locations in our logs. Connecting those usernames to the NAT pool IP addresses is the hard part. I'd be happy to share some basic configuration tips and tricks regarding NAT with you off-list, or on-list if other s are interested. BTW - We've been NAT'ing our guest access users since day one on the Aruba equipment. Guests log in through the captive portal and are given limited access - bandwidth limited web access and VPN access back to their home organizations. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: [EMAIL PROTECTED] GoogleTalk: [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Michael Dickson Sent: Tuesday, July 01, 2008 9:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] NAT in large scale wireless networks Though we currently have enough available routed IP space for our wireless clients we are looking toward the future and wondering if NAT-ing the wireless network makes sense
RE: [WIRELESS-LAN] NAT in large scale wireless networks
Stan, Can you tell me what type of location information you get and from what log? 802.1x/WPA-Enterprise, so we have usernames and locations in our logs We are trying to figure out if there is a way to determine what APs user are/have been on but all we have seen in the radius logs is the controller as the NAS. Thanks, Greg -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Brooks, Stan Sent: Wednesday, July 02, 2008 6:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks Mike, We, too, are an Aruba shop, and have been doing NAT on our academic and ResNet wireless networks for about a year now. Two years ago, we ran out of IP addresses on our wireless network on Move-In Weekend and had to scramble to add additional subnets - a scarce commodity here at Emory. To prevent that from happening last year, we implemented NAT for our wireless clients and now have plenty of address space for our growing user base. We let the Aruba controllers perform the NAT function (very easy to set up - just a firewall rule in the user role in the Aruba config). We've not had any complaints from users regarding NAT issues; we were concerned that it might break some apps, but no problems have been observed or reported. We've even got our homegrown NAC (NetReg/CAT) working over the wireless, too - NetReg DHCP traffic is not NAT'ed, but all other traffic is. This all works great, thanks to the Aruba capabilities. The only issue we've had with NAT have been voiced by Philippe - DCMA notices are hard to isolate. Our wired network has some protection in place to identify and reduce peer-to-peer traffic (Tipping Points), so we don't generally get a lot of notices. User tracking and RF location still works well as those are functions of the radio and authentication subsystems. Our academic users log on using 802.1x/WPA-Enterprise, so we have usernames and locations in our logs. Connecting those usernames to the NAT pool IP addresses is the hard part. I'd be happy to share some basic configuration tips and tricks regarding NAT with you off-list, or on-list if other s are interested. BTW - We've been NAT'ing our guest access users since day one on the Aruba equipment. Guests log in through the captive portal and are given limited access - bandwidth limited web access and VPN access back to their home organizations. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: [EMAIL PROTECTED] GoogleTalk: [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Michael Dickson Sent: Tuesday, July 01, 2008 9:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] NAT in large scale wireless networks Though we currently have enough available routed IP space for our wireless clients we are looking toward the future and wondering if NAT-ing the wireless network makes sense. Does anyone have any experiences, good or bad, using NAT for the wireless client pool in a large scale environment? What features go away (i.e. RFID or user tracking, etc.) Are there any gotchas? We're an Aruba shop and expect about 3000+ wireless clients this semester and have been adding more APs by the week. Thanks, Mike *** Michael Dickson Phone: 413-545-9639 Network Analyst [EMAIL PROTECTED] University of Massachusetts Network Systems and Services *** ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] NAT in large scale wireless networks
Hector J Rios wrote: On the topic of DMCA, RIAA, and the like, I can tell you that we use a Juniper firewall to log all of our wireless transactions and it is amazingly accurate. This was a must for us when we decided to move to a private addressing scheme. The only difference is that we do PAT instead of NAT. But in the event of a notice, we can tie a public IP address to a private IP and a username easily, assuming we get an accurate time stamp. With the information provided by the firewall we can tie the public IP and time stamp to a private IP. Then, with RADIUS accounting logs we tie the private IP to a username and MAC address. As it was mentioned before, storage is an issue as these logs grow very quickly. Just curious, how far back do you keep these logs? As you say, it's a compromise between storage demands and utility of records. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com No woman can call herself free who does not own and control her body. -- Margaret Sanger. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] NAT in large scale wireless networks
Right now just 14 days of logs. Hector -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Cal Frye Sent: Thursday, July 03, 2008 10:28 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks Hector J Rios wrote: On the topic of DMCA, RIAA, and the like, I can tell you that we use a Juniper firewall to log all of our wireless transactions and it is amazingly accurate. This was a must for us when we decided to move to a private addressing scheme. The only difference is that we do PAT instead of NAT. But in the event of a notice, we can tie a public IP address to a private IP and a username easily, assuming we get an accurate time stamp. With the information provided by the firewall we can tie the public IP and time stamp to a private IP. Then, with RADIUS accounting logs we tie the private IP to a username and MAC address. As it was mentioned before, storage is an issue as these logs grow very quickly. Just curious, how far back do you keep these logs? As you say, it's a compromise between storage demands and utility of records. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com No woman can call herself free who does not own and control her body. -- Margaret Sanger. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] NAT in large scale wireless networks
Greg, Depending on the code version, you can set the logging levels to capture user associations and authentications to a syslog server. The data logged includes the location name/group of the AP the user connected to, the SSID, along with the user's MAC, IP and user ID. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: [EMAIL PROTECTED] GoogleTalk: [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Scholz, Greg Sent: Thursday, July 03, 2008 8:55 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks Stan, Can you tell me what type of location information you get and from what log? 802.1x/WPA-Enterprise, so we have usernames and locations in our logs We are trying to figure out if there is a way to determine what APs user are/have been on but all we have seen in the radius logs is the controller as the NAS. Thanks, Greg -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Brooks, Stan Sent: Wednesday, July 02, 2008 6:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks Mike, We, too, are an Aruba shop, and have been doing NAT on our academic and ResNet wireless networks for about a year now. Two years ago, we ran out of IP addresses on our wireless network on Move-In Weekend and had to scramble to add additional subnets - a scarce commodity here at Emory. To prevent that from happening last year, we implemented NAT for our wireless clients and now have plenty of address space for our growing user base. We let the Aruba controllers perform the NAT function (very easy to set up - just a firewall rule in the user role in the Aruba config). We've not had any complaints from users regarding NAT issues; we were concerned that it might break some apps, but no problems have been observed or reported. We've even got our homegrown NAC (NetReg/CAT) working over the wireless, too - NetReg DHCP traffic is not NAT'ed, but all other traffic is. This all works great, thanks to the Aruba capabilities. The only issue we've had with NAT have been voiced by Philippe - DCMA notices are hard to isolate. Our wired network has some protection in place to identify and reduce peer-to-peer traffic (Tipping Points), so we don't generally get a lot of notices. User tracking and RF location still works well as those are functions of the radio and authentication subsystems. Our academic users log on using 802.1x/WPA-Enterprise, so we have usernames and locations in our logs. Connecting those usernames to the NAT pool IP addresses is the hard part. I'd be happy to share some basic configuration tips and tricks regarding NAT with you off-list, or on-list if other s are interested. BTW - We've been NAT'ing our guest access users since day one on the Aruba equipment. Guests log in through the captive portal and are given limited access - bandwidth limited web access and VPN access back to their home organizations. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: [EMAIL PROTECTED] GoogleTalk: [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Michael Dickson Sent: Tuesday, July 01, 2008 9:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] NAT in large scale wireless networks Though we currently have enough available routed IP space for our wireless clients we are looking toward the future and wondering if NAT-ing the wireless network makes sense. Does anyone have any experiences, good or bad, using NAT for the wireless client pool in a large scale environment? What features go away (i.e. RFID or user tracking, etc.) Are there any gotchas? We're an Aruba shop and expect about 3000+ wireless clients this semester and have been adding more APs by the week. Thanks, Mike *** Michael Dickson Phone: 413-545-9639 Network Analyst [EMAIL PROTECTED] University of Massachusetts Network Systems and Services *** ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message
RE: [WIRELESS-LAN] NAT in large scale wireless networks
Mike, We, too, are an Aruba shop, and have been doing NAT on our academic and ResNet wireless networks for about a year now. Two years ago, we ran out of IP addresses on our wireless network on Move-In Weekend and had to scramble to add additional subnets - a scarce commodity here at Emory. To prevent that from happening last year, we implemented NAT for our wireless clients and now have plenty of address space for our growing user base. We let the Aruba controllers perform the NAT function (very easy to set up - just a firewall rule in the user role in the Aruba config). We've not had any complaints from users regarding NAT issues; we were concerned that it might break some apps, but no problems have been observed or reported. We've even got our homegrown NAC (NetReg/CAT) working over the wireless, too - NetReg DHCP traffic is not NAT'ed, but all other traffic is. This all works great, thanks to the Aruba capabilities. The only issue we've had with NAT have been voiced by Philippe - DCMA notices are hard to isolate. Our wired network has some protection in place to identify and reduce peer-to-peer traffic (Tipping Points), so we don't generally get a lot of notices. User tracking and RF location still works well as those are functions of the radio and authentication subsystems. Our academic users log on using 802.1x/WPA-Enterprise, so we have usernames and locations in our logs. Connecting those usernames to the NAT pool IP addresses is the hard part. I'd be happy to share some basic configuration tips and tricks regarding NAT with you off-list, or on-list if other s are interested. BTW - We've been NAT'ing our guest access users since day one on the Aruba equipment. Guests log in through the captive portal and are given limited access - bandwidth limited web access and VPN access back to their home organizations. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: [EMAIL PROTECTED] GoogleTalk: [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Michael Dickson Sent: Tuesday, July 01, 2008 9:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] NAT in large scale wireless networks Though we currently have enough available routed IP space for our wireless clients we are looking toward the future and wondering if NAT-ing the wireless network makes sense. Does anyone have any experiences, good or bad, using NAT for the wireless client pool in a large scale environment? What features go away (i.e. RFID or user tracking, etc.) Are there any gotchas? We're an Aruba shop and expect about 3000+ wireless clients this semester and have been adding more APs by the week. Thanks, Mike *** Michael Dickson Phone: 413-545-9639 Network Analyst [EMAIL PROTECTED] University of Massachusetts Network Systems and Services *** ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] NAT in large scale wireless networks
On the topic of DMCA, RIAA, and the like, I can tell you that we use a Juniper firewall to log all of our wireless transactions and it is amazingly accurate. This was a must for us when we decided to move to a private addressing scheme. The only difference is that we do PAT instead of NAT. But in the event of a notice, we can tie a public IP address to a private IP and a username easily, assuming we get an accurate time stamp. With the information provided by the firewall we can tie the public IP and time stamp to a private IP. Then, with RADIUS accounting logs we tie the private IP to a username and MAC address. As it was mentioned before, storage is an issue as these logs grow very quickly. Hector Rios Telecommunications Analyst, NI Louisiana State University Information Technology Services -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Michael Dickson Sent: Tuesday, July 01, 2008 8:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] NAT in large scale wireless networks Though we currently have enough available routed IP space for our wireless clients we are looking toward the future and wondering if NAT-ing the wireless network makes sense. Does anyone have any experiences, good or bad, using NAT for the wireless client pool in a large scale environment? What features go away (i.e. RFID or user tracking, etc.) Are there any gotchas? We're an Aruba shop and expect about 3000+ wireless clients this semester and have been adding more APs by the week. Thanks, Mike *** Michael Dickson Phone: 413-545-9639 Network Analyst [EMAIL PROTECTED] University of Massachusetts Network Systems and Services *** ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] NAT in large scale wireless networks
Mike, We have our visitor network on NAT and got an issue recently related to RIAA (we had about 200 users on it at the time) The request from RIAA mentioned the IP address, the Application (GNUTELLA) with the local port and a timestamp. You can track the user, but it takes an accurate log! (and it is time consuming...you might want to charge RIAA back for the service) Philippe -- On Tue, 1 Jul 2008, Michael Dickson wrote: Though we currently have enough available routed IP space for our wireless clients we are looking toward the future and wondering if NAT-ing the wireless network makes sense. Does anyone have any experiences, good or bad, using NAT for the wireless client pool in a large scale environment? What features go away (i.e. RFID or user tracking, etc.) Are there any gotchas? We're an Aruba shop and expect about 3000+ wireless clients this semester and have been adding more APs by the week. Thanks, Mike *** Michael Dickson Phone: 413-545-9639 Network Analyst [EMAIL PROTECTED] University of Massachusetts Network Systems and Services *** ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] NAT in large scale wireless networks
Last academic year we ran NAT on our main wireless network. We had about 13,000 unique users per day and about 8,000 simultaneous connections at peak times, roughly 95% student traffic. It worked, but there were a couple of issues for us: 1) Picking the correct NAT box. Catalysts 6500s do wirespeed NAT, but they can't keep up with the number of new connections per second. A single ASA5550 handled the job well, now we have a pair. 2) The NAT logs are enormous. Finding space to keep them is fun, going through them to find incidents is painful. We did NAT because we added wireless to our dorms last year and we weren't sure what the pace of our rollout would be, or how fast the users would migrate over. We didn't want to be shuffling IP ranges all year. We'll be going back to fixed IP addresses next year for most wireless use. -Karl Reuss University of Maryland, College Park Michael Dickson wrote: Though we currently have enough available routed IP space for our wireless clients we are looking toward the future and wondering if NAT-ing the wireless network makes sense. Does anyone have any experiences, good or bad, using NAT for the wireless client pool in a large scale environment? What features go away (i.e. RFID or user tracking, etc.) Are there any gotchas? We're an Aruba shop and expect about 3000+ wireless clients this semester and have been adding more APs by the week. Thanks, Mike *** Michael Dickson Phone: 413-545-9639 Network Analyst [EMAIL PROTECTED] University of Massachusetts Network Systems and Services *** ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] NAT in large scale wireless networks
What supervisor were you running in the 6500's ? -Neil -- Neil Johnson Network Engineer The University of Iowa W: 319 384-0938 M: 319 540-2081 http://www.uiowa.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Karl Reuss Sent: Tuesday, July 01, 2008 9:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks Last academic year we ran NAT on our main wireless network. We had about 13,000 unique users per day and about 8,000 simultaneous connections at peak times, roughly 95% student traffic. It worked, but there were a couple of issues for us: 1) Picking the correct NAT box. Catalysts 6500s do wirespeed NAT, but they can't keep up with the number of new connections per second. A single ASA5550 handled the job well, now we have a pair. 2) The NAT logs are enormous. Finding space to keep them is fun, going through them to find incidents is painful. We did NAT because we added wireless to our dorms last year and we weren't sure what the pace of our rollout would be, or how fast the users would migrate over. We didn't want to be shuffling IP ranges all year. We'll be going back to fixed IP addresses next year for most wireless use. -Karl Reuss University of Maryland, College Park Michael Dickson wrote: Though we currently have enough available routed IP space for our wireless clients we are looking toward the future and wondering if NAT-ing the wireless network makes sense. Does anyone have any experiences, good or bad, using NAT for the wireless client pool in a large scale environment? What features go away (i.e. RFID or user tracking, etc.) Are there any gotchas? We're an Aruba shop and expect about 3000+ wireless clients this semester and have been adding more APs by the week. Thanks, Mike *** Michael Dickson Phone: 413-545-9639 Network Analyst [EMAIL PROTECTED] University of Massachusetts Network Systems and Services *** ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.