Higher Education

Contributor II

Xbox Live NAT Restrictions

We do our absolute best to allow every service possible to our students.  Obviously, in housing students, we have a demographic that is in the sweet spot for gamers.  Being a smaller University, and our IT predecessors not having the foresight to get their class B from ARIN, we're stuck using NAT to provide access to the Internet for Faculty, Staff, and Students alike.  Because of this, this throws wrinkles into supporting online services such as Xbox Live, Playstation Network, etc.   I've pretty much thrown up my hands at being able to do anything other than Strict NAT, and am curious (short of having public addresses everywhere) if anyone else has tackled this problem and solved it.  I'd love to be able to grant a better gaming experience to our students living on campus.

7 REPLIES

Re: Xbox Live NAT Restrictions

 


daringone wrote:

We do our absolute best to allow every service possible to our students.  Obviously, in housing students, we have a demographic that is in the sweet spot for gamers.  Being a smaller University, and our IT predecessors not having the foresight to get their class B from ARIN, we're stuck using NAT to provide access to the Internet for Faculty, Staff, and Students alike.  Because of this, this throws wrinkles into supporting online services such as Xbox Live, Playstation Network, etc.   I've pretty much thrown up my hands at being able to do anything other than Strict NAT, and am curious (short of having public addresses everywhere) if anyone else has tackled this problem and solved it.  I'd love to be able to grant a better gaming experience to our students living on campus

 

Edit: no need to answer that question, since Xbox doesn't allow you to connect using 802.1X.

 

One thing you could do is a combination of MAC auth matching the OUI based on the type of device and placing those in a particular role that allows you to access everything but some of the insecure protocols; this is a method we are using today.

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II

Re: Xbox Live NAT Restrictions

They get whitelisted on our Captive Portal SSID.

Re: Xbox Live NAT Restrictions

 

 

Are you sharing that SSID with other devices: laptops, smartphones, etc.?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II

Re: Xbox Live NAT Restrictions

We are, but those people are encouraged to use our WPA2 Enterprise SSID if their device supports it.  The existence of the CP SSID is primarily to support gaming devices, as none of them to my knowledge support Enterprise authentication.  There are a few other oddities that go in there, but I've instructed our TSC to move people to the secured network every chance they get.

Frequent Contributor I

Re: Xbox Live NAT Restrictions

On our non-802.1X SSID, we are using a homegrown DNS capture & portal to block our main web page and our Blackboard servers.

If users try to go to these sites, they get redirected to a web page giving them the opportunity of configuring their device for the 802.1X SSID.

Bruce Osborne - Wireless Engineer
ACCP, ACMP
New Contributor

Re: Xbox Live NAT Restrictions

Isn't the larger question here whether or not you want to allow UPnP through your firewalls to your LAN for Xbox Live and other like services to function correctly?

 

The way we ended up tackling this is we are using ClearPass and Mactrack to drop all gaming consoles into their own VLAN\role and they are then directed out through an open source firewall that actually has UPnP support built into it, as our corporate firewalls do not.  I for one won't let UPnP through our corporate firewalls and into our fac/staff or even student subnets.  That's the best solution I've found so far.
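An added sketch (not part of any post in this thread, and not ClearPass or Mactrack code) of the OUI-based role assignment described in the replies above: a MAC is normalized, checked for the locally administered and multicast bits, and only then matched against a console OUI table. The role names and the OUI-to-vendor mapping are assumptions; the single table entry uses the IANA prefix whose 00-53-xx range is reserved for documentation.

```python
import re

# Constructed table: 00-00-5E is IANA's OUI (00-53-xx is the documentation
# range); mapping it to a console vendor is an assumption for this example.
# A real deployment would load console prefixes from the IEEE registry.
CONSOLE_OUIS = {"00005E": "example-console-vendor"}

GAMING_ROLE = "gaming-console"    # hypothetical role name
DEFAULT_ROLE = "captive-portal"   # hypothetical restricted fallback role

_HEX12 = re.compile(r"^[0-9A-F]{12}$")


def normalize_mac(mac):
    """Strip ':', '-' and '.' separators, upper-case, reject anything else."""
    cleaned = re.sub(r"[:\-.]", "", mac.strip()).upper()
    if not _HEX12.match(cleaned):
        raise ValueError(f"not a MAC address: {mac!r}")
    return cleaned


def is_burned_in_unicast(mac12):
    """False if the multicast (0x01) or locally administered (0x02) bit is set.

    Randomized or manually set addresses normally carry the 0x02 bit, so
    their first three octets are not a vendor OUI and must not be matched.
    """
    return (int(mac12[:2], 16) & 0x03) == 0


def assign_role(mac):
    """Return (role, reason). Anything not positively matched stays restricted."""
    try:
        mac12 = normalize_mac(mac)
    except ValueError:
        return DEFAULT_ROLE, "malformed"
    if not is_burned_in_unicast(mac12):
        return DEFAULT_ROLE, "not-burned-in"
    vendor = CONSOLE_OUIS.get(mac12[:6])
    if vendor is None:
        return DEFAULT_ROLE, "unknown-oui"
    # An OUI match identifies a device type; it does not authenticate it,
    # so the gaming role itself should still be a constrained one.
    return GAMING_ROLE, vendor
```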

 

 

Frequent Contributor I

Re: Xbox Live NAT Restrictions

We just started offering student housing.  We are rolling out ClearPass soon and I plan to have a small VLAN with a number of public IP addresses that will be issued to gaming consoles.  We will then use our Palo Alto firewall to apply bandwidth and some network restrictions to protect our network while allowing the students to play their gaming systems.  We have 2 class C public addresses, so not a ton of space but we currently offer housing for 80 students so we will see how things go with this test.
