netmask incorrect

cm.leung · ‎10-25-2001

Dear Sir,

We have a 2509 router and two async ports are connected to modem. The ethernet port is connected to Internet world. We find that the remote users cannot reach outside (Internet and router 2509 ethernet IP) after a period of time (e.g. 30 minutes or one hour).

The ethernet ip address is 10.10.10.254 255.255.255.0 and the local pool for asyn remote user is 10.10.10.100 to 10.10.10.120. it is simple static route to re-direct all traffic to ISP.

After investigation, we find that the remote user gets the IP address is 10.10.10.102 netmask is 255.0.0.0. I guest that may be the main reason remote user cannot access outside stable. How do we force the remote user to use correct netwask when remote user login to 2509? please enlighten me.

gongxinping · ‎10-25-2001

the mask for remote user should be 255.255.255.255.

Please check whether the remote has and ethernet connection when dialup.

cm.leung · ‎10-26-2001

Yes, the remote user has LAN connection in home or remote branch. the LAN segment is 192.168.10.x netmask 255.255.255.0.

How to force remote user to use /24 (or /32) as netmask?

leowang · ‎10-28-2001

I want to know too.

My problem is :

I can not find remote user's pc in my LAN.

The remote user's IP Address:10.1.1.10 255.255.255.255 GW:10.1.1.10

In LAN, I cannot find remote pc though ping.

simon.machielse · ‎10-29-2001

I beleive the your problem is not the subnetmask but the routing in the cisco.

Because MS Windows asummes the correct subnetmask for a 10.x.x.x adres is 255.0.0.0, this gets passed into the winipcfg utility !

With RAS the subnet mask is not passed to the client upon dialin, the client does not take part in the routing process, al the routing is done by the cisco.

Therefor the subnetmask and the default gateway is not important.

Take a look at your default gateway adres of the dialin client, it is the same adres as the dialup interface of the client.

Hope this helps you a little further.

Regards,

Simon Machielse

simon.machielse@cw.com

cm.leung · ‎10-29-2001

Thank Simon, I capture the remote client info:

Description . . . . . . . . : PPP Adapter.

Physical Address. . . . . . : 44-45-53-54-00-00

DHCP Enabled. . . . . . . . : Yes

IP Address. . . . . . . . . : 10.10.10.112

Subnet Mask . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . : 10.10.10.112

DHCP Server . . . . . . . . : 255.255.255.255

Primary WINS Server . . . . :

Secondary WINS Server . . . :

Lease Obtained. . . . . . . : 01 01 80 12:00:00 AM

Lease Expires . . . . . . . : 01 01 80 12:00:00 AM

The default gateway IP is the same as the IP the cilent gets. Could I force win98 to use /24 as the default netmask?

B. Regards,

CM Leung

mtienghi · ‎10-30-2001

Hi !

The capture you've done is normal under most aspects, but there is something strange in the last 2 rows.

It's normal behaviour for WinXX to set the default gateway the same as the acquired address when using RAS. This is also possible on a LAN card and only means that the PC always resolves addresses/routes by itself instead of relying on an external gateway. There is no way to force the netmask to /24 and it brings also nothing.

You could also pass a DNS end/or WINS address to your clients via the 2509, which you don't do as I see.

The strange thing in the last two rows I meant above is the date reference of the lease.

Did you set the clock of yout 2509 by hand or via SNTP ? It looks as if the date is 01 jan 1980 at noon, and the same data results as expiration time. This coud mean that if a second client dials-in, the address you originally had coud be considered as available and assigned to the newcomer. This is only a doubt but could explain why you can work for some time prior to loose connection. I don't know of any other cache or timed mechanism which expires in about 30 minutes as you said in the initial question. Maybe this is the right direction to investigate instead of caring of addresses and netmasks that remain stable over time.

Have you tried with a "tracert -d [destination]" from the client when the problem occurs ? Where does it halt ?

Have you done any debug on the router side ? And some "show dialer map" or "show ip route" ?

BTW, there are a lot of known issues un this topic in the MS online searchable Knowledge base.

Some documents are also to find on CCO. Just launch a search.

I can't find it anymore, but one of this explained the way MS-RAS assigns addresses/masks and how it works in detail.

A li'l bit long but hope this helps

jkemery · ‎01-23-2002

I have seen this with RAS. To fix it you need to a Valid Class C network.

ex. 192.168.0.1 / 255.255.255.0

MSRAS assumes that with a 10.x.x.x IP network you are using a Class A mask. And it therefore gives RAS clients Class A masks. Either change your mask to Class A or your subnet to a complete Class C. With MSRAS you can't have it the way you do. A better way to do this is to get a Cisco 2620 router with an ASYNC module in it, get rid of MSRAS it sucks and will cause you more trouble than its worth. You should also include some AAA into the design. If you have Cisco Works 2k you can purchase the Tacacs server module for Windows 2000 server. This will allow you to sync your windows accounts from the router. That way users dialing in will just have one login from the domain.

To go one step farther, you could purchase a PRI interface on the router and setup a true 56k digital dial-in. I have done this and it works very well.

Hope that helps,

:)

jk, CCNP,CCDA,WLAN