Higher Education

last person joined: 22 hours ago 

Got questions on how to enable mobility in education? Submit them here!
Expand all | Collapse all

Xbox Live NAT Restrictions

  • 1.  Xbox Live NAT Restrictions

    Posted Jun 28, 2013 02:58 PM

    We do our absolute best to allow every service possible to our students.  Obviously, in housing students, we have a demographic that is in the sweet spot for gamers.  Being a smaller University, and our IT predecessors not having the foresight to get their class B from ARIN, we're stuck using NAT to provide access to the Internet for Faculty, Staff, and Students alike.  Because of this, this throws wrinkles into supporting online services such as Xbox Live, Playstation Network, etc.   I've pretty much thrown up my hands at being able to do anything other than Strict NAT, and am curious (short of having public addresses everywhere) if anyone else has tackled this problem and solved it.  I'd love to be able to grant a better gaming experience to our students living on campus.



  • 2.  RE: Xbox Live NAT Restrictions

    Posted Jun 28, 2013 03:05 PM

     


    @daringone wrote:

    We do our absolute best to allow every service possible to our students.  Obviously, in housing students, we have a demographic that is in the sweet spot for gamers.  Being a smaller University, and our IT predecessors not having the foresight to get their class B from ARIN, we're stuck using NAT to provide access to the Internet for Faculty, Staff, and Students alike.  Because of this, this throws wrinkles into supporting online services such as Xbox Live, Playstation Network, etc.   I've pretty much thrown up my hands at being able to do anything other than Strict NAT, and am curious (short of having public addresses everywhere) if anyone else has tackled this problem and solved it.  I'd love to be able to grant a better gaming experience to our students living on campus

     

    Edit: not need to answer that question since Xbox don't allow you connect using 802.1x .

     

    One thing you could do is a combination of mac auth matching the OUI based on the type of device and placing those in a particular role that allows you to access everything but some of the insecure protocols , this a method we are using today 

     

     



  • 3.  RE: Xbox Live NAT Restrictions

    Posted Jun 28, 2013 03:10 PM

    They get whitelisted on our Captive Portal SSID.



  • 4.  RE: Xbox Live NAT Restrictions

    Posted Jun 28, 2013 03:12 PM

     

     

    Are you sharing that SSID with other devices :laptops , smartphones, etcc?



  • 5.  RE: Xbox Live NAT Restrictions

    Posted Jun 28, 2013 03:15 PM

    We are, but those people are encouraged to use our WPA2 Enterprise SSID if their device supports it.  The existence of the CP SSID is primarily to support gaming devices, as none of them to my knowledge support Enterprise authentication.  There are a few other oddities that go in there, but I've instructed our TSC to move people to the secured network every chance they get.



  • 6.  RE: Xbox Live NAT Restrictions

    Posted Jun 28, 2013 03:17 PM

    On our non-802.1X SSID, we are using a home growm DNS capture & portal to block our main wweb page and our Blackboard servers.

    If users try to go to these sites, they get redirected to a web page giving them the opportunity of configuring their device for the 802.1X SSID.



  • 7.  RE: Xbox Live NAT Restrictions

    Posted Aug 09, 2013 07:25 PM

    Isn't the larger question here wether or not you want to allow UPNP through your firewalls to your LAN for Xbox Live and other like services to function correctly?  

     

    They way we ended up tackleing this is we are using clearpass and Mactrack to drop all gaming consoles into their own vlan\role and they are then directed out though a open source firewall that actually has UPNP support built into it as our corporate firewalls do not.  I for one won't let UPNP through our corporate firewalls and into our fac/staff or even student subnets.  That's the best solution I've found so far.   

     

     



  • 8.  RE: Xbox Live NAT Restrictions

    Posted Aug 16, 2013 05:41 PM

    We just started offering student housing.  We are rolling out ClearPass soon and I plan to have a small VLAN with a number of public IP addresses that will be issued to gaming consoles.  We will then use our Palo Alto firewall to apply bandwidth and some network restrictions to protect our network while allowing the students to play their gaming systems.  We have 2 class C public addresses, so not a ton of space but we currently offer housing for 80 students so we will see how things go with this test.



  • 9.  RE: Xbox Live NAT Restrictions

    Posted Sep 19, 2018 01:22 AM

    Is It possible to share the SSID with other devices?

    Can we usee a single network to share information?