Re: Issues with Xbox 360

["Kapucu, Ali" <akapucu () KENT EDU>]

We gave up on PAT/NAT game for gaming consoles/Apple TV/Roku etc.. and created “Gaming” SSID for them. Student can 
register their device mac addresses and can get Public ip.
—
Ali






On 8/26/15, 11:39 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Dan Oachs" <SECURITY () LISTSERV 
EDUCAUSE EDU on behalf of doachs () GAC EDU> wrote:

> I'm sure you have all heard this a million times by now, but I'm going 
> to repeat it anyway.  I would strongly suggest investing some time in 
> getting the game consoles onto a network that supports native IPv6 ( but 
> don't stop there, get the whole campus moved). Xboxes like or dare I say 
> crave IPv6 and will do everything they can to use it whether you like it 
> or not.  There are really very few excuses these days not to give it a 
> shot.  Heck, all three of our ISPs are happy to route our IPv6 traffic.
>
> --Dan
>
>
>
> On 8/26/15 10:06 PM, Gregg, Christopher S. wrote:
> > It sounds like this might  be a (temporary) service issue with Xbox Live per the previous response.
> >
> > However, we were the school that reported the game console NAT issues with our Palo Alto last winter.  Our interim 
> > solution for spring semester was a very labor intensive 1:1 NAT solution with reserved IP addresses.  Our solution 
> > for this school year is that as we have implemented Cisco ISE, the system is able to auto-profile game consoles and 
> > put them on a VLAN that uses public IP addresses while other devices on the network are assigned private IP's and 
> > NAT'd.  We just went live at the beginning of August and so far, so good.
> >
> > Chris
> >
> >
> > Chris Gregg
> > Director of IT
> > Information Resources and Technologies (IRT)
> > University of St. Thomas, Minnesota
> > csgregg () stthomas edu
> >
> >
> >
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
> > Councill, David
> > Sent: Wednesday, August 26, 2015 4:20 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: [SECURITY] Issues with Xbox 360
> >
> > Now that the fall semester has just started this week, I have received complaints from a number of residents of our 
> > residence halls that they are getting disconnects from Xbox Live. Getting information passed on to us can be 
> > difficult but with more information and some testing, the problem appears to only affect Xbox 360 (not Xbox 1) and 
> > only happens when more than one user tries to connect from the same dorm network. We are using PAT for each of our 
> > dorm networks, and the Microsoft answer is to open up ports on the firewall. But since we use PAT, we would still 
> > have to go to a 1:1 NAT before we could do any port forwarding. There was a discussion on similar NAT issues with 
> > Xbox early this year (January) on this list relative to using Palo Alto firewalls thus I thought I would try this 
> > list again.
> >
> > Right now, we are wondering why this problem just started occurring this semester as we haven't had problems in past 
> > years using PAT. The fact that it only affects the older Xboxes would indicate the issue is on Microsoft's side. Is 
> > anyone else seeing this problem? And how are you dealing with it? The only fix I see so far would be tracking the 
> > hundreds of Xboxes on campus and assigning them static or reserved IPs with a 1:1 NAT which seems to be impractical 
> > and time consuming.
> >
> >
> > __
> >
> >
> > David Councill
> > Network Security Engineer
> > Washington State University
> > Information Technology Building | PO Box 641222 | Pullman, WA 99164 david.councill () wsu edu
> >
> >
> >
> >
> >