Netmask misconfiguration

ekeen
Level 1

Our security guy is telling me that I might have a misconfiguration on one of my AS5300 servers, a netmask misconfiguration. His concern is that it's looking for a class B broadcast and not the class C broadcast that it should be looking for.

Any suggestion?

TIA

paul.werner
Level 1

Can you post the config?

I'm sorry for the late reply, but honestly I've been so busy that I forgot about this issue. Any help would be greatly appreciated.

TIA

Eric

I have looked at the config that you posted and I do not see an issue. But I admit that I do not understand your original message and what the supposed issue would be about subnet masks and broadcast addresses. Both of the Ethernet interfaces are in class B network address space and both are configured with /24 (class C) subnetting. I do not see any issue about this.

Perhaps you can clarify - or ask your security person to clarify - what the concern is. Because at this point I do not see anything out of the ordinary.

HTH

Rick

Workstations assigned addresses from the pool appear to be searching for the broadcast address of the Class B (xx.xx.255.255) instead of the broadcast of the Class C (xx.xx.xx.255).

TIA

Eric

Eric

I see the point better now. I do not think that it is much to be worried about, especially since these workstations are connected via PPP connections in which the broadcast address is not a particularly useful concept. These are not workstations on a LAN where addresses are assigned by DHCP (though functionally it is quite similar) in which broadcast packets are functional. Any broadcast from these workstations (no matter whether it is 144.96.153.255 or it is 144.96.255.255) will go only to the 5300 which will decide what to do with it.

And I do not think that you have a misconfiguration. I have several 5350s (very similar to your 5300s) at a customer site. I have a similar configuration with a class B address, subnetted with /24, and with a dial pool as part of the subnet which is on one of the interfaces. I checked and the workstations are being assigned an address with a 255.255.0.0 mask. I am not aware of any configuration option to specify the mask differently as it is assigned to the workstation.

In a practical sense I am not sure that there is a problem. If a client sends a request to 144.96.255.255 it should get to the 5300 and the 5300 should not forward it anywhere since it is the network broadcast and routers do not typically forward the network broadcast.

HTH

Rick
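
Added example, not posted by anyone in this thread: given the 255.255.0.0 mask Rick reports the dial-in clients receiving and the /24 subnetting on the interface, this Python script labels observed destination addresses as the class B broadcast or the /24 subnet broadcast, so a capture can be checked per client. The client host addresses and the packet list are constructed sample data.

```python
import ipaddress
from collections import Counter

def classful_prefix(addr):
    """Prefix length implied by the address class (A=/8, B=/16, C=/24)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError(f"{addr} is class D/E and has no classful mask")

def broadcast_for(addr, prefix):
    """Directed broadcast address of the network containing addr at /prefix."""
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    return net.broadcast_address

def classify(src, dst, subnet_prefix=24):
    """Label dst relative to the broadcasts that src could derive."""
    dst_ip = ipaddress.IPv4Address(dst)
    if dst_ip == ipaddress.IPv4Address("255.255.255.255"):
        return "limited-broadcast"
    if dst_ip == broadcast_for(src, subnet_prefix):
        return "subnet-broadcast"
    if dst_ip == broadcast_for(src, classful_prefix(src)):
        return "classful-broadcast"
    return "other"

def triage(packets, subnet_prefix=24):
    """Count destination labels per source over (src, dst) pairs."""
    counts = {}
    for src, dst in packets:
        counts.setdefault(src, Counter())[classify(src, dst, subnet_prefix)] += 1
    return counts

# Constructed sample: (source, destination) pairs from dial-in clients.
SAMPLE = [
    ("144.96.153.20", "144.96.255.255"),   # client using the /16 mask
    ("144.96.153.20", "144.96.255.255"),
    ("144.96.153.21", "144.96.153.255"),   # client using the /24 mask
    ("144.96.153.21", "255.255.255.255"),
    ("144.96.153.22", "144.96.10.5"),      # ordinary unicast
]

if __name__ == "__main__":
    for src, labels in triage(SAMPLE).items():
        print(src, dict(labels))
```
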

I also agree with Rick's assessment of the situation.

Out of curiosity, once the hosts connect, how are other network-critical values farmed out to the connected hosts, such as the IP addresses of DNS or WINS servers? Do you use DHCP on this network, or do you manually configure these values in the connected hosts?

pw