Last academic year we ran NAT on our main wireless network. We had
about 13,000 unique users per day and about 8,000 simultaneous
connections at peak times, roughly 95% student traffic. It worked,
but there were a couple of issues for us:
1) Picking the correct NAT box. Catalyst 6500s do wirespeed
NAT, but they can't keep up with the number of new connections
per second. A single ASA5550 handled the job well; now we have
a pair.
2) The NAT logs are enormous. Finding space to keep them is
fun; going through them to find incidents is painful.
We did NAT because we added wireless to our dorms last year
and we weren't sure what the pace of our rollout would be, or how
fast the users would migrate over. We didn't want to be shuffling
IP ranges all year. We'll be going back to fixed IP addresses
next year for most wireless use.
-Karl Reuss
University of Maryland, College Park
Michael Dickson wrote:
Though we currently have enough available routed IP space for our
wireless clients we are looking toward the future and wondering if
NAT-ing the wireless network makes sense.
Does anyone have any experiences, good or bad, using NAT for the
wireless client pool in a large scale environment? What features "go
away" (i.e. RFID or user tracking, etc.)? Are there any gotchas?
We're an Aruba shop and expect about 3000+ wireless clients this
semester and have been adding more APs by the week.
Thanks,
Mike
***************************************************************
Michael Dickson Phone: 413-545-9639
Network Analyst [EMAIL PROTECTED]
University of Massachusetts
Network Systems and Services
***************************************************************
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
**********