Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?

Mon, 01 Mar 2010 13:18:12 -0800 

Hi Aaron,
I asked about this in April 2008 right before we did our first /21 and had replies of sites using /20s without problems. As David said, "if using cisco wlc, the default behaviour is to block broadcast and multicast traffic from being sent out the WLAN to other wireless client devices". Other vendors may have similar, we have had no problem with /21 on wireless. We do not do this on any wired LAN, just the controller based lwap and now capwap wireless. 

thanks!
jim



On 3/1/2010 3:58 PM, Aaron S. Thompson wrote:

I'm surprised at the use of such large broadcast domains, 4094 or 
even 2046 available hosts?  We have found domains that large could 
bring necessary broadcast load on your network gear and client load of 
having to respond to all the broadcast traffic.  Once we identified 
these potential problems we began deploying /24's.


We are using the private address space allocation with PAT.


Any other thoughts on broadcast domains?  Do others treat the wireless 
different from the LAN?



-
Aaron Thompson
Network Services Manager
Network and Telecommunications

Berklee College of Music
1140 Boylston Street, MS-186 NETT
Boston, MA 02215-3693

617.747.8656 athomp...@berklee.edu <mailto:athomp...@berklee.edu> 
www.berklee.edu <http://www.berklee.edu/>


On Mar 1, 2010, at 3:15 PM, David Wang wrote:


James, if you using cisco wlc, the default behaviour is to block 
broadcast and multicast traffic from being sent out the WLAN to other 
wireless client devices. We are using multiple /21 private IPs with NAT.


David Wang
Networking and Security Services, CCS
University of Guelph  519-824-4120 ext 52046

On 2009-12-16, at 10:04 AM, Jamie Savage wrote:

Ken,

      /20 subnets?.............I've always been concerned about such 
a large broadcast domain.....ie....we've not gone larger than /22. 
 Have you done any special tweaking to facilitate the /20s or have 
they just worked fine as is?


.....thx...........J

James Savage                                   York University
Senior Communications Tech.       108 Steacie Building

jsav...@yorku.ca <mailto:jsav...@yorku.ca>                           
 4700 Keele Street

ph: 416-736-2100 ext. 22605            Toronto, Ontario
fax: 416-736-5830                                M3J 1P3, CANADA




From: Ken LeCompte <lecom...@nbcs.rutgers.edu 
<mailto:lecom...@nbcs.rutgers.edu>>
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

Date: 12/16/2009 08:11 AM
Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?

Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>

------------------------------------------------------------------------



We are doing NAT/PAT at the edge with a firewall module in a 6500 for
our 5000 peak logged in users. We use four /20's to break up those
users across our wireless controllers. The wireless users are also not
the only ones being NATed at that firewall module. All of the dorm
wired users are NATed there too.

Thanks.

Ken

--
Ken LeCompte - Telecommunications Analyst
Rutgers University Office of Information Technology
Campus Computing Services - Central Systems and Services
Office ~ (732) 445-4823

On Dec 15, 2009, at 6:36 AM, Lee H Badman wrote:

> Thanks for all of the responses- I wonder if anyone with a peak
> usage like ours is doing NAT- almost 6500 clients?
>
> -Lee
> ________________________________________

> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu

> ] On Behalf Of Jason Appah [jason.ap...@oit.edu]
> Sent: Monday, December 14, 2009 11:03 PM

> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

> Subject: Re: [WIRELESS-LAN] Private IP space for wireless users-
> anyone?
>
> Yes, that is what we do. I just wondered how big if a bear it would be
> to track pat in a university wireless environment.
>
> In a second related note, we recently changed our NAT timeout from 3
> to 2 hours as we were beginning to run out of 1 to 1 NAT ranges
>
> Sent from my iPhone
>
> Jason Appah
> Systems Administrator
> Oregon Tech
>

> On Dec 14, 2009, at 6:33 PM, "Phil Trivilino" <p...@stlawu.edu 
<mailto:p...@stlawu.edu>> wrote:

>
>> We do 1to1 dynamic NAT on the ASA firewall and log all the
>> translations to a syslog server.  Easy to get the private ip from
>> the log given the time and global ip.  It is all we've seen the need
>> for to this point.
>> Phil
>>
>> On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote:
>>
>>> Wondering how many other schools are using private IP space for
>>> wireless users, how you accomplish the NAT, and what mechanisms you
>>> use for user tracking for the private-public mappings for forensic/
>>> investigatory purposes.
>>>
>>> Thanks-
>>>
>>> Lee
>>> **********
>>> Participation and subscription information for this EDUCAUSE

>>> Constituent Group discussion list can be found at 
http://www.educause.edu/groups/

>>> .
>>
>> **********
>> Participation and subscription information for this EDUCAUSE

>> Constituent Group discussion list can be found at 
http://www.educause.edu/groups/

>> .
>
> **********
> Participation and subscription information for this EDUCAUSE

> Constituent Group discussion list can be found at 
http://www.educause.edu/groups/

> .
>
> **********
> Participation and subscription information for this EDUCAUSE

> Constituent Group discussion list can be found at 
http://www.educause.edu/groups/

> .

**********

Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



********** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.




********** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.





********** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.




**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
























					Reply via email to