On 05/05/2015 11:19 AM, Legge, Jeffry wrote:
Currently we allow roaming over our entire campus. Some buildings have
their own vlan while others do not. Each year we have more devices and
thus our DHCP pools are stressed. We are looking at changing our
network design and giving each building their own vlan and larger DHCP
pools. We currently have a class B IPV4 internet addresses and will
move to NAT. When students are abusing copyright etc. we are given an
IP address and asked to determine who is doing the abusing. As
students roam they could end up with multiple IP addresses and Natting
will complicate the ability to find these abusers I am curious about
the following.
Do y’all have one vlan per building?
We use vlan groups, distributed between one of 3 wireless systems. We
have found that if you use a mix of admin and resnet buildings you get a
nice dhcp distribution. Our groups have 10,000 addresses each.
How large are you DHCP pools?
We use /22 subnets for each vlan, and have about 10 vlans per group.
What is the pool expiration time?
Our lease time is 20 minutes. Yeah, very short. It is the only way to
keep usage down.
Do you allow roaming over entire campus, per building or what?
We are designed to roam seamlessy wherever that is possible. So if you
have to get in a car to drive, you can not roam.
How do y’all find these abusers?
For now it is all public address space with radius accounting to find
people. We too, are also going down the NAT investigation and our
current though process is NAT session logging from the firewall matched
to the radius request. But still investigating.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
