We have been running PAT (NAT) for over 5 years now on our wireless network.
This year we have over 10k concurrent users on wireless. Meru provides the majority of our wireless network gear. We have 3 SSIDs (captive portal, 802.1x, and guest). Each of these 3 SSIDs is assigned a single /19 of 172.18. space (Meru suppresses broadcast at the AP). We use Cisco ASA 5580s as the devices managing the PAT translations and L3 interfaces. We assign 1 overload address per 256 addresses. Our DHCP timeout is set to 2 hours.

From a network perspective this has been working just fine. If you want any other details let me know.

--
Jason E. Murray
Sr. Systems Engineer
Washington University in St. Louis
Phone: 314-935-4865
Email: [email protected]
Web: http://nss.wustl.edu/~jemurray/

On 9/27/12 3:48 PM, Hanset, Philippe C wrote:
> This is official, we have almost reached the capacity of our public IP
> addresses (20,000 just on Wireless)
> We love IPv6, but for the moment it's not going to solve our issue!
>
> So, NAT it is, and we have zero experience besides our visitor network that
> handles 1000+ users.
>
> Our plan is to terminate NAT on our Fortinet firewalls, and assign 32 VLANs
> (in our Aruba VLAN pools)
> with a private /21 in each subnet. So ~64,000 IP addresses. We block mDNS
> etc... no worries there.
>
> We can now move away from the 30 minutes lease time and go to... I was
> thinking 12 or 14 hours.
>
> We plan to do NAT-PAT 1 public to 8 private IP ratio or 1 to 16.
>
> People with similar size networks: Anything to worry about?
> DHCP capacity, NAT capacity, Logs, ...

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
