We've been using /21's on the wireless and /20's on the wired side for a couple of years now without any real problems. The only feature we've been using on the access points to prevent some of the non-required traffic has been applying ether-type filters to block IPv6, AppleTalk, and IPX when we can. We looked at using /22's on the wired side for the residence halls a couple years ago but found a number of games required all clients to be in the same broadcast domain.
Patrick Goggins
Network Administrator
Carroll University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Jim Glassford
Sent: Monday, March 01, 2010 3:18 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?

Hi Aaron,

I asked about this in April 2008 right before we did our first /21 and had replies of sites using /20s without problems. As David said, "if using cisco wlc, the default behaviour is to block broadcast and multicast traffic from being sent out the WLAN to other wireless client devices". Other vendors may have similar, we have had no problem with /21 on wireless. We do not do this on any wired LAN, just the controller based lwap and now capwap wireless.

thanks!
jim

On 3/1/2010 3:58 PM, Aaron S. Thompson wrote:

I'm surprised at the use of such large broadcast domains, 4094 or even 2046 available hosts? We have found domains that large could bring necessary broadcast load on your network gear and client load of having to respond to all the broadcast traffic. Once we identified these potential problems we began deploying /24's. We are using the private address space allocation with PAT.

Any other thoughts on broadcast domains? Do others treat the wireless different from the LAN?

- Aaron Thompson
Network Services Manager
Network and Telecommunications
Berklee College of Music
1140 Boylston Street, MS-186 NETT
Boston, MA 02215-3693
617.747.8656
[email protected]
www.berklee.edu

On Mar 1, 2010, at 3:15 PM, David Wang wrote:

James, if you are using cisco wlc, the default behaviour is to block broadcast and multicast traffic from being sent out the WLAN to other wireless client devices. We are using multiple /21 private IPs with NAT.
David Wang
Networking and Security Services, CCS
University of Guelph
519-824-4120 ext 52046

On 2009-12-16, at 10:04 AM, Jamie Savage wrote:

Ken,

/20 subnets?.............I've always been concerned about such a large broadcast domain.....ie....we've not gone larger than /22. Have you done any special tweaking to facilitate the /20s or have they just worked fine as is?

.....thx...........J

James Savage
Senior Communications Tech.
York University
108 Steacie Building
4700 Keele Street
Toronto, Ontario M3J 1P3, CANADA
[email protected]
ph: 416-736-2100 ext. 22605
fax: 416-736-5830

From: Ken LeCompte <[email protected]>
To: [email protected]
Date: 12/16/2009 08:11 AM
Subject: Re: [WIRELESS-LAN] Private IP space for wireless users- anyone?
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]>
________________________________

We are doing NAT/PAT at the edge with a firewall module in a 6500 for our 5000 peak logged in users. We use four /20's to break up those users across our wireless controllers. The wireless users are also not the only ones being NATed at that firewall module. All of the dorm wired users are NATed there too.

Thanks.
Ken

--
Ken LeCompte - Telecommunications Analyst
Rutgers University
Office of Information Technology
Campus Computing Services - Central Systems and Services
Office ~ (732) 445-4823

On Dec 15, 2009, at 6:36 AM, Lee H Badman wrote:

> Thanks for all of the responses- I wonder if anyone with a peak
> usage like ours is doing NAT- almost 6500 clients?
>
> -Lee
> ________________________________________
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [[email protected]] On Behalf Of Jason Appah [[email protected]]
> Sent: Monday, December 14, 2009 11:03 PM
> To: [email protected]
> Subject: Re: [WIRELESS-LAN] Private IP space for wireless users-
> anyone?
>
> Yes, that is what we do. I just wondered how big of a bear it would be
> to track pat in a university wireless environment.
>
> In a second related note, we recently changed our NAT timeout from 3
> to 2 hours as we were beginning to run out of 1 to 1 NAT ranges
>
> Sent from my iPhone
>
> Jason Appah
> Systems Administrator
> Oregon Tech
>
> On Dec 14, 2009, at 6:33 PM, "Phil Trivilino"
> <[email protected]> wrote:
>
>> We do 1to1 dynamic NAT on the ASA firewall and log all the
>> translations to a syslog server. Easy to get the private ip from
>> the log given the time and global ip. It is all we've seen the need
>> for to this point.
>> Phil
>>
>> On Dec 14, 2009, at 8:55 PM, Lee H Badman wrote:
>>
>>> Wondering how many other schools are using private IP space for
>>> wireless users, how you accomplish the NAT, and what mechanisms you
>>> use for user tracking for the private-public mappings for forensic/
>>> investigatory purposes.
>>>
>>> Thanks-
>>>
>>> Lee
>>> **********
>>> Participation and subscription information for this EDUCAUSE
>>> Constituent Group discussion list can be found at
>>> http://www.educause.edu/groups/.
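An added example, not part of the original thread and not any poster's own tooling: the lookup Phil describes (private IP from the translation log, given a time and a global IP), written so that a global address reused by another client after a teardown is attributed to the right host. The log lines are constructed, modelled on ASA "Built/Teardown dynamic translation" syslog messages (305009/305010); the ISO timestamp, the host name fw1 and the function names are assumptions for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines (assumed layout: ISO timestamp, host, ASA message).
# Addresses are private/documentation ranges, not taken from the thread.
SAMPLE_LOG = """\
2009-12-14T09:00:05 fw1 %ASA-6-305009: Built dynamic translation from inside:10.20.4.17 to outside:192.0.2.40
2009-12-14T11:00:05 fw1 %ASA-6-305010: Teardown dynamic translation from inside:10.20.4.17 to outside:192.0.2.40 duration 2:00:00
2009-12-14T11:03:12 fw1 %ASA-6-305009: Built dynamic translation from inside:10.20.9.203 to outside:192.0.2.40
2009-12-14T12:30:00 fw1 %ASA-6-305009: Built dynamic translation from inside:10.20.1.8 to outside:192.0.2.41
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ %ASA-6-(?:305009|305010): "
    r"(?P<verb>Built|Teardown) dynamic translation "
    r"from \w+:(?P<private>[\d.]+) to \w+:(?P<global>[\d.]+)"
)

def build_intervals(log_text):
    """Return (global_ip, private_ip, start, end) tuples; end is None if still open."""
    open_xlates = {}   # (global, private) -> index into intervals
    intervals = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # unrelated syslog message
        ts = datetime.fromisoformat(m["ts"])
        key = (m["global"], m["private"])
        if m["verb"] == "Built":
            open_xlates[key] = len(intervals)
            intervals.append([m["global"], m["private"], ts, None])
        elif key in open_xlates:
            # Teardown closes the matching open translation.
            intervals[open_xlates.pop(key)][3] = ts
    return [tuple(i) for i in intervals]

def private_ip_at(intervals, global_ip, when):
    """Private IPs that held global_ip at time `when` (normally zero or one)."""
    return [priv for g, priv, start, end in intervals
            if g == global_ip and start <= when and (end is None or when < end)]
```

An empty result means no translation was active for that global IP at that moment, which usually points to clock skew between the complaint timestamp and the firewall log rather than a missing host.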
