Educause Security Discussion mailing list archives

Re: PAT address user identification: methods?


From: Graham Toal <gtoal () UTPA EDU>
Date: Tue, 7 Feb 2006 10:49:08 -0600

We have also run into the problem of PAT translation
obscuring the original internal IP addresses.

We are in the process of installing a Cisco MARS device,
which we believe will automatically keep track of PAT translations.

That's great if the complaint comes with an accurate timestamp.
Otherwise you're no better off.

Stick to 1:1 NAT if you can't use real IPs.  And if you're
using DHCP, tie the IP to the MAC as an approximation of issuing
static IPs.  Even long leases don't work if the clients can
force a new IP with a DHCP release command.  Having the switch
learn the IP and not accept a new one is a useful trick too.
If your students are deliberately up to no good they will find
ways to obfuscate their IP.  Changing their NetBIOS name and
faking a different MAC address to fool the DHCP logs for example.
Stealing someone's IP who is offline.

You need to use the switch as well as the DHCP server to be sure.
Do you use anything like 802.1x at your site?

G
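
The timestamp point in the message above, as an added example that is not part of the original post: a lookup over PAT translation records shows how a complaint with an exact time and source port resolves to one inside host, while clock skew or a missing port leaves several candidates. The record layout, addresses and times are constructed for illustration and do not reflect any device's log format.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample PAT translation records (assumed layout):
# (built, torn_down, inside_ip, public_ip, public_port)
XLATES = [
    (ts("2006-02-06 21:14:02"), ts("2006-02-06 21:14:40"), "10.1.4.23", "192.0.2.10", 40211),
    (ts("2006-02-06 21:15:05"), ts("2006-02-06 21:16:30"), "10.1.7.88", "192.0.2.10", 40211),
    (ts("2006-02-06 21:14:10"), ts("2006-02-06 21:19:00"), "10.1.9.5", "192.0.2.10", 51877),
    (ts("2006-02-06 21:17:00"), ts("2006-02-06 21:17:20"), "10.1.4.23", "192.0.2.10", 40990),
]

def candidates(xlates, public_ip, when, public_port=None, skew=timedelta(0)):
    """Return the inside IPs whose translation could match a complaint.

    A translation matches if it was live at any point in
    [when - skew, when + skew] and, when the complaint includes a
    source port, the translated port matches as well.
    """
    lo, hi = when - skew, when + skew
    hits = set()
    for built, torn, inside, pub, port in xlates:
        if pub != public_ip:
            continue
        if public_port is not None and port != public_port:
            continue
        if built <= hi and torn >= lo:  # the two time intervals overlap
            hits.add(inside)
    return sorted(hits)

if __name__ == "__main__":
    t = ts("2006-02-06 21:14:30")
    # Exact time and port: a single inside host.
    print(candidates(XLATES, "192.0.2.10", t, 40211))
    # Same port, but the reporter's clock may be off by two minutes:
    # the port was reused, so two hosts are now candidates.
    print(candidates(XLATES, "192.0.2.10", t, 40211, timedelta(minutes=2)))
    # No source port in the complaint: every host translated at that time.
    print(candidates(XLATES, "192.0.2.10", t))
```
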
