Introduction:

In order to conserve public IPv4 addresses, wireless devices are assigned private addresses and utilize Network Address Translation (NAT) to access off-campus resources.

What is NAT?

Each device is given an IP address that can be used only on campus. When traffic is sent off-campus, the source address is translated (using Network Address Translation or NAT) to a public address that can be routed on the Internet. Any response to that traffic is translated back from the Internet-routable public address to the private IP address and sent back to the device.

Why NAT?

Public IPv4 addresses are limited resource.  In order to ensure that there are is an adequate supply of public IPv4 addresses for those devices and applications that truly need them, the University needs to move certain networks to private IPv4 addresses and implement NAT. There is a new protocol (IPv6) which has several magnitudes more address space available, but it will be some time before all devices and services use this protocol.

What address will my wireless device be assigned ?

Wireless devices will be assigned private IPv4 addresses in the following ranges. Wireless devices will use these addresses to connect to on-campus resources.

Campus East of the Iowa River:
172.17.0.0/17 (172.17.0.1 – 172.17.127.254)
172.23.0.0/17 (172.23.0.1 - 172.23.127.254)

Campus West of the Iowa River and the Research Park:
172.17.128.0/17 (172.17.128.1 – 172.17.255.254)
172.23.128.0/17 (172.23.128.1 - 172.23.255.254)

What address space will my wireless device use to access the Internet ?

To connect to off-campus resources (the Internet), traffic from wireless devices will be routed through NAT devices and their addresses translated into public IPv4 addresses.

Because we are using NAT, multiple wireless devices may share the same public IP address. This may affect functionality of certain applications.

IT support personnel who need to know what the public IP ranges addresses are, should contact Network Services via the ITS Help Desk.

What should technical support staff need to do to support NAT?

Any 172.17.x.x address should be recognized as belonging to the University, just like 128.255.x.x and 129.255.x.x addresses. We’ve used addresses in the 172.16.0.0/12  range for several years. If you are responsible for University resources with access restricted by IP address, please verify that the appropriate IP ranges are allowed. Some common activities that are restricted by IP include: Remote Desktop, File Shares, Secured website.

How does implementing NAT  affect devices using Local Scoped Addresses (LSA)?

This will not affect devices using LSA addresses (172.30.0.0/16). Per policy, devices using LSA address space  do not need to reach the Internet. They will be reachable by wireless devices on campus, but traffic from LSA devices will remain isolated from the Internet.

Who do I contact if I have additional questions?

Contact the ITS Help Desk at 4-HELP (4-4357).

Article number: 
4009
Last updated: 
May 19, 2016