On 05/05/2015 10:19 AM, Legge, Jeffry wrote:
> Do y’all have one vlan per building?
We have all our wireless on our campus going back to one of four
wireless core routers (Catalyst 6509 w/ a bunch of WiSM-2 modules in
each). Each of those routers has one Vlan for all clients served by WAPs
served by the controllers in each. It is not one per building.
> How large are your DHCP pools?
Each of those Vlans is a /16 in size.
> What is the pool expiration time?
Our DHCP lease times are set to 30 minutes.
> Do you allow roaming over entire campus, per building or what?
We have roaming enabled across our entire campus (shared mobility group
on all controllers/WAPs), but our observations have been that it is very
hit or miss whether or not roaming actually works (i.e., client connection
gets tunneled back to its anchor controller).
> How do y’all find these abusers?
We use 802.1x to authenticate users, and each person logs on using their
own University-issued unique electronic ID. We poll the wireless
controllers regularly and log the username, IP, and MAC (and we have
RADIUS logs as well, which have username and MAC). On the NAT side,
we're using fixed NAT. So, if provided with an IP address, port number,
and timestamp from the reporting agency, we can look up or calculate the
"inside" address. We then correlate those with the user logs to identify
the user.
Jason
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
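
Added example, not part of the original message: a sketch of the lookup described in the last answer, turning a reported public IP, port and timestamp into an inside address and then a user. The port-block NAT layout, the address ranges and the poll records are constructed assumptions; only the 30-minute lease and the logged fields (username, IP, MAC) come from the message.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumed fixed-NAT layout (constructed, not from the message): every inside
# host owns one contiguous block of source ports on one public address.
INSIDE_NET = ipaddress.ip_network("10.20.0.0/16")
PUBLIC_POOL = ipaddress.ip_network("192.0.2.0/26")
FIRST_PORT = 1024
PORTS_PER_HOST = 63
HOSTS_PER_PUBLIC = (65536 - FIRST_PORT) // PORTS_PER_HOST  # 1024 per public IP
LEASE = timedelta(minutes=30)  # DHCP lease time stated in the message

def inside_address(public_ip, port):
    """Invert the fixed mapping: (public IP, source port) -> inside address."""
    pub = ipaddress.ip_address(public_ip)
    if pub not in PUBLIC_POOL or not FIRST_PORT <= port <= 65535:
        raise ValueError("outside the NAT pool or port range")
    block = (port - FIRST_PORT) // PORTS_PER_HOST
    offset = (int(pub) - int(PUBLIC_POOL.network_address)) * HOSTS_PER_PUBLIC + block
    return INSIDE_NET.network_address + offset

def ts(text):
    """Parse a timestamp; all sources are assumed to share one clock and zone."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed controller poll records: (time seen, username, client IP, MAC).
POLL_LOG = [
    (ts("2015-05-04 13:50"), "alice", "10.20.22.106", "00:00:5e:00:53:01"),
    (ts("2015-05-04 14:10"), "alice", "10.20.22.106", "00:00:5e:00:53:01"),
    (ts("2015-05-04 15:20"), "bob", "10.20.22.106", "00:00:5e:00:53:02"),
    (ts("2015-05-04 15:20"), "carol", "10.20.9.1", "00:00:5e:00:53:03"),
]

def identify(public_ip, port, when):
    """Return (username, mac) for the last sighting of the inside address
    at or before `when`, or None if that sighting is older than one lease."""
    inside = str(inside_address(public_ip, port))
    seen = [r for r in POLL_LOG if r[2] == inside and r[0] <= when]
    if not seen:
        return None
    last = max(seen, key=lambda r: r[0])
    # An older sighting may predate a DHCP reassignment, so do not attribute.
    if when - last[0] > LEASE:
        return None
    return last[1], last[3]
```

The same inside address resolves to different users at different times in the sample data, which is why the reported timestamp matters as much as the IP and port.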