Hey Lee, We have approximately 8200 users during peak times but that is split between two SSIDs. For our secure SSID we are authenticating using Cisco ACS which we are logging, this gives us the NetID (username) to 10net address. We are doing our PAT at the border firewall which is logging the translations.
Holler if you need further info. Ken Ken Boynton Communications Network Analyst, Sr. UITS-IS-CID-NetOps University of Arizona 520.621.5640 -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Lee H Badman Sent: Tuesday, December 15, 2009 4:36 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Thanks for all of the responses- I wonder if anyone with a peak usage like ours is doing NAT- almost 6500 clients? -Lee ________________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [[email protected]] On Behalf Of Jason Appah [[email protected]] Sent: Monday, December 14, 2009 11:03 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone? Yes, that is what we do. I just wondered how big if a bear it would be to track pat in a university wireless environment. In a second related note, we recently changed our NAT timeout from 3 to 2 hours as we were beginning to run out of 1 to 1 NAT ranges Sent from my iPhone Jason Appah Systems Administrator Oregon Tech On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" <[email protected]> wrote: > We do 1to1 dynamic NAT on the ASA firewall and log all the > translations to a syslog server. Easy to get the private ip from > the log given the time and global ip. It is all we've seen the need > for to this point. > Phil > > On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote: > >> Wondering how many other schools are using private IP space for >> wireless users, how you accomplish the NAT, and what mechanisms you >> use for user tracking for the private-public mappings for forensic/ >> investigatory purposes. >> >> Thanks- >> >> Lee >> ********** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at http://www.educause.edu/groups/ >> . > > ********** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/groups/ > . ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
