We're considering NATing our open (CP) SSID to ensure there's enough IPv4 space for our .1x users. Looking at the last three months the max clients for the open SSID is under 5k devices. Max clients for the .1x SSID is 15k. We have one master and ten local controllers, all M3ks, running 6.2.1.5.
With this scale can NAT for the 5k users be done on the controllers or do we need to look at external solutions? Looking at past posts I see Juniper SRX, and Cisco ASA as possible choices. Anyone doing this with Palo Alto?
Also, is NATing everything or only at the border a better way to go?
Thanks,
Mike