I can't seem to find any information on this. I am at a k-12 school where the school district has a pretty strict Acceptable use Policy. I am wanting to set up my school on VPNs and I want to use Private Addressing to separate the different virtual network subnets. I like the flexibility and security. The district is poo pooing the idea because they say the APU will be harder to enforce with private networks. Surely there is a way to identify authenticated users on private networks? What do other schools/businesses do if they want to enforce their APU and have a private network? Or will my only option be to subnet one of our IP ranges? I don't want to subnet, but I guess I could. Right now I have 2 non-contiguous Class C ranges that are used on all 300 of our computers via DHCP, 1 router, and 4 big switches. I need to get a more efficient network.