[unisog] Chronicle of Higher Ed. article on NetPD

Scott Genung sagenung at ilstu.edu
Thu Nov 8 00:52:28 GMT 2001

At 04:41 PM 11/7/2001 -0600, you wrote:
>On Wed, 7 Nov 2001, Paul L Schmehl wrote:
> > We use NAT in the residence halls.  That's even worse.  At the present 
> time
> > we have no way of verifying who was using a particular IP at a particular
> > time.  So, even if we could ID the user, by the time we did that (by
> > grepping logs for MAC addresses associated with an IP - if the user is
> > still online - there's no logging) and associated their IP/MAC with a name
> > and physical location, they could be in class/eating/at the library/you
> > name it.

We had a similar dilemma. We've deployed private addressing everywhere on 
the campus network where DHCP is required (ie: in the residence hall 
networks, off-campus ADSL networks, public access networks, and so on). 
This model created a huge dependency upon NAT. As expected, the largest 
percentage of Internet volume is sourced from private IP address space.

Our NAT solution is based upon multiple Cisco routers optimized for NAT 
(ie: NSE-1 processors with PXF enabled). When we started seeing these 
messages from NetPD, there wasn't much that we could do in the beginning 
except hope that the translation hadn't expired.

A month or two ago, a newer version of IOS (ie: 12.2.(3)) supported the 
logging of NAT translations and expirations to syslog. Since CiscoWorks 
doesn't support the format for these records, we built a separate syslog 
server and tied our DHCP logs into the same box. We're not quite done with 
it yet but it has already yielded some major benefits. Now we can resolve a 
translated address to a MAC address through the served private address. 
Since we require our DHCP users to complete a web form to obtain a real 
address lease, we know who owns the MAC address. We then pass this 
information on to the appropriate people on campus that deal with these issues.

I'm sure others are using a different NAT solution than we are. Tormenting 
your vendor about NAT logging is probably the next best step to solving 
this problem.

Scott Genung
Manager of Networking Systems
Telecommunications and Network Support Services
Illinois State University

(309)438-8731	http://www.tnss.ilstu.edu

More information about the unisog mailing list