We have a single Student Wireless VLAN for all of campus. We have 25 pools that are all /23s and one legacy pool that is a /21.
Leases expire after 160 minutes. Students can seamlessly roam all over campus as long as they stay within coverage. (We are still working on fleshing out our outdoor coverage, but there are certain paths you can walk and make it across the entire campus already, I believe.) We are doing NAT. 10.4.0.0/16 (where the /23 pools live) is PATted out using our firewall. The firewall logs lines when it builds translations (like "translated this port on this IP internally to this port on this IP externally"). If an abuse report includes the port number, we grep our logs for the port numbers, find the internal address, and check who was logged in from that address. If the report does not include port number, it isn't enough information, so we don't do anything unless there is some other identifying factor. -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone On Tue, May 5, 2015 at 10:19 AM, Legge, Jeffry <jgle...@radford.edu> wrote: > Currently we allow roaming over our entire campus. Some buildings have their > own vlan while others do not. Each year we have more devices and thus our > DHCP pools are stressed. We are looking at changing our network design and > giving each building their own vlan and larger DHCP pools. We currently have > a class B IPV4 internet addresses and will move to NAT. When students are > abusing copyright etc. we are given an IP address and asked to determine who > is doing the abusing. As students roam they could end up with multiple IP > addresses and Natting will complicate the ability to find these abusers I > am curious about the following. > > > > Do y’all have one vlan per building? > > > > How large are you DHCP pools? > > > > What is the pool expiration time? > > > > Do you allow roaming over entire campus, per building or what? > > > > How do y’all find these abusers? > > > > Any thoughts will be appreciated. > > > > -Jeff Legge > > Radford University > > 540-250-5224 > > > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
