Netmask misconfiguration

Unanswered Question
Oct 21st, 2005

Our security guy is telling me that I might have a misconfiguration on one of my AS5300 servers, a Netmask misconfiguration? His concern is that it's looking for a class B broadcast and not a class C broadcast that it should be looking for.


Any suggestion?

TIA

ekeen Mon, 11/14/2005 - 07:08

I'm sorry for the late reply but honestly I've been so busy that I forgot about this issue. Any help would be greatly appreciated.


TIA



Attachment: 
Richard Burts Mon, 11/14/2005 - 07:43

Eric


I have looked at the config that you posted and I do not see an issue. But I admit that I do not understand your original message and what the supposed issue would be about subnet masks and broadcast addresses. Both of the Ethernet interfaces are in class B network address space and both are configured with /24 (class C) subnetting. I do not see any issue about this.


Perhaps you can clarify - or ask your security person to clarify - what the concern is. Because at this point I do not see anything out of the ordinary.


HTH


Rick

ekeen Tue, 11/15/2005 - 06:08

Workstations assigned addresses from the pool appear to be searching for the broadcast address of the Class B (xx.xx.255.255) instead of the broadcast of the Class C (xx.xx.xx.255).


TIA

Eric

Richard Burts Tue, 11/15/2005 - 07:58

Eric


I see the point better now. I do not think that it is much to be worried about, especially since these workstations are connected via PPP connections in which the broadcast address is not a particularly useful concept. These are not workstations on an LAN where addresses are assigned by DHCP (though functionally it is quite similar) in which broadcast packets are functional. Any broadcast from these workstations (no matter whether it is 144.96.153.255 or it is 144.96.255.255) will go only to the 5300 which will decide what to do with it.


And I do not think that you have a misconfiguration. I have several 5350s (very similar to your 5300s) at a customer site. I have a similar configuration with a class B address, subnetted with /24, and with a dial pool as part of the subnet which is on one of the interfaces. I checked and the workstations are being assigned an address with a 255.255.0.0 mask. I am not aware of any configuration option to specify the mask differently as it is assigned to the workstation.


In a practical sense I am not sure that there is a problem. If a client sends a request to 144.96.255.255 it should get to the 5300 and the 5300 should not forward it anywhere since it is the network broadcast and routers do not typically forward the network broadcast.


HTH


Rick
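
An added example, not part of the original thread or any poster's own code: a small Python check that labels destinations seen from dial-in clients as the /24 subnet broadcast, the classful (class B) network broadcast, or the limited broadcast, which is the distinction discussed above. The 144.96.153.0/24 interface prefix, the client addresses and the packet list are constructed for illustration, using the two broadcast addresses mentioned in the reply.

```python
import ipaddress
from collections import Counter

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def classful_network(addr):
    """Network a host assumes when it applies the classful default mask."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{addr} is class D/E and has no classful host mask")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def classify_destination(src, dst, interface_cidr):
    """Label a destination sent by a dial-in client, relative to the router's subnet."""
    subnet = ipaddress.ip_network(interface_cidr, strict=False)
    dst_ip = ipaddress.IPv4Address(dst)
    if dst_ip == LIMITED_BROADCAST:
        return "limited-broadcast"
    if dst_ip == subnet.broadcast_address:
        return "subnet-broadcast"
    if dst_ip == classful_network(src).broadcast_address:
        return "classful-broadcast"
    return "other"

def summarize(packets, interface_cidr):
    """Count destination labels over (src, dst) pairs, e.g. taken from a capture."""
    return Counter(classify_destination(s, d, interface_cidr) for s, d in packets)

# Constructed sample: (source, destination) pairs, not real capture data.
SAMPLE_PACKETS = [
    ("144.96.153.10", "144.96.255.255"),
    ("144.96.153.10", "144.96.153.255"),
    ("144.96.153.11", "144.96.255.255"),
    ("144.96.153.11", "255.255.255.255"),
    ("144.96.153.11", "144.96.1.20"),
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLE_PACKETS, "144.96.153.0/24").items():
        print(f"{label:20} {count}")
```

A high count of "classful-broadcast" from pool addresses matches the behaviour described in the thread: the clients hold a 255.255.0.0 mask while the interface is subnetted /24.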

paul.werner Tue, 11/15/2005 - 11:17

I also agree with Rick's assessment of the situation.


Out of curiosity, once the hosts connect, how are other network critical values farmed out to the connected hosts, such as the IP addresses of DNS or WINS servers? Do you use DHCP on this network, or do you manually configure these values in the connected hosts?


pw
