
Proxy bypassed with dynamic IP address

jewedo828417539
Level 1

Good evening,

My company provides access to selected websites through proxy servers. However, it is found that when a PC is connected to the intranet and no static IP address is configured in the PC (i.e., when the option 'obtain an IP address automatically' is selected), any website can be accessed from the PC, bypassing the proxy server. My questions are:

1. Is it normal that the proxy can be bypassed with a dynamic IP in an otherwise statically configured network of PCs?

2. Does a Cisco router (4200 series or 1900 series) act as a DHCP server by default? If not, how does the PC with no static IP address configured get a random private IP address in the range 192.168.1.*?

3. I inquired with the support team of another company and I was informed that until a PC is configured with a static IP in their network, the PC acquires a link-local IP address. Are link-local IP addresses an option to prevent internet access in such cases?

Accepted Solutions

Richard Burts
Hall of Fame

There are things about your environment that we do not know and this makes it difficult to provide comprehensive answers. But there are some parts of your question that we can answer at this point.

Your question #2 asks whether a Cisco router by default will act as a DHCP server. The answer is that no, a Cisco router will not by default act as a DHCP server. A Cisco router can be configured to provide this service, but it is not enabled by default. It would help if we knew more about how the PCs in this network are configured. You say that the PC does not have a static IP address and that is a beginning. But what other possibilities might there be? Is it possible that the PC has one interface for a wired connection but also has another interface for a wireless connection? Is it possible that there is some other device in the network that is providing IP addressing? I can say with some confidence that if a PC is configured to use DHCP to get an IP address and if there is no device in that network providing DHCP, then a PC would get an address in the 169.254 network. If a PC gets an IP in the 192.168.1 network then I am confident that some device in the network is providing addressing service.

Your question #3 asks about link-local addresses. That term has a specific meaning in IPv6 but is a bit ambiguous in IPv4. I would assume that they were referring to the 169.254 addressing but it might mean something else. It would help to have clarification of this. And whether it would prevent internet access or not depends on how the network was configured. One factor in this would be the need for address translation. If devices inside the network are assigned private IP addresses then they need to have address translation to access the internet. If the address translation is configured to translate certain subnets/networks from inside then this would prevent link-local from getting out. But if the translation is configured to translate all traffic coming from inside then it would not prevent internet access for those PCs.

As far as your question #1, it depends on how the network is set up to access the proxy. If the standard for your organization is that PCs will be statically configured and if there is a parameter in the configuration to specify use of the proxy, then it would make sense that any PC that dynamically gets its configuration would not have the proxy parameter.

HTH

Rick
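
The address-translation point in the answer above can be checked against a router's NAT source list. This Python script is an added example, not part of the original thread: it evaluates IOS standard-ACL entries (first match, implicit deny) against client addresses. The ACL number, the proxy address 192.168.1.10 and the sample hosts are constructed assumptions, and the proxy-only list goes one step beyond the "certain subnets" case the answer describes.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # IPv4 autoconfiguration range

# Constructed NAT source lists in IOS standard-ACL syntax (not from the thread).
TRANSLATE_SUBNET = "access-list 10 permit 192.168.1.0 0.0.0.255"
TRANSLATE_ALL = "access-list 10 permit any"
PROXY_ONLY = "access-list 10 permit host 192.168.1.10"  # assumed proxy address

def parse_standard_acl(text):
    """Turn standard ACL lines into (permit?, address, wildcard) integer entries."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # skip remarks and anything that is not a permit/deny entry
        rest = tok[3:]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((tok[2] == "permit", addr, wild))
    return entries

def is_translated(acl, source):
    """First matching entry decides; no match falls to the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for permit, addr, wild in acl:
        if (src | wild) == (addr | wild):  # wildcard bits set to 1 are ignored
            return permit
    return False

def audit(acl_text, sources):
    """Map each source address to (how it got its address, would NAT translate it)."""
    acl = parse_standard_acl(acl_text)
    report = {}
    for s in sources:
        link_local = ipaddress.ip_address(s) in LINK_LOCAL
        origin = "autoconfigured, no DHCP reply" if link_local else "static or DHCP-assigned"
        report[s] = (origin, is_translated(acl, s))
    return report

if __name__ == "__main__":
    hosts = ["192.168.1.10", "192.168.1.57", "169.254.12.7"]  # constructed samples
    for name in ("TRANSLATE_SUBNET", "TRANSLATE_ALL", "PROXY_ONLY"):
        print(name, audit(globals()[name], hosts))
```

With the subnet list, a 169.254 client is not translated but a DHCP-assigned 192.168.1.x client still is; only the proxy-only list leaves the proxy as the sole translated source.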

Thanks Mr. Richard Burts.

You are welcome. I am glad that my explanations were helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick