Our security guy is telling me that I might have a misconfiguration on one of my AS5300 servers, a netmask misconfiguration? His concern is that it's looking for a class B broadcast and not a class C broadcast that it should be looking for.
I have looked at the config that you posted and I do not see an issue. But I admit that I do not understand your original message and what the supposed issue would be about subnet masks and broadcast addresses. Both of the Ethernet interfaces are in class B network address space and both are configured with /24 (class C) subnetting. I do not see any issue about this.
Perhaps you can clarify - or ask your security person to clarify - what the concern is. Because at this point I do not see anything out of the ordinary.
I see the point better now. I do not think that it is much to be worried about, especially since these workstations are connected via PPP connections in which the broadcast address is not a particularly useful concept. These are not workstations on a LAN where addresses are assigned by DHCP (though functionally it is quite similar) in which broadcast packets are functional. Any broadcast from these workstations (no matter whether it is 184.108.40.206 or it is 220.127.116.11) will go only to the 5300 which will decide what to do with it.
And I do not think that you have a misconfiguration. I have several 5350s (very similar to your 5300s) at a customer site. I have a similar configuration with a class B address, subnetted with /24, and with a dial pool as part of the subnet which is on one of the interfaces. I checked and the workstations are being assigned an address with a 255.255.0.0 mask. I am not aware of any configuration option to specify the mask differently as it is assigned to the workstation.
In a practical sense I am not sure that there is a problem. If a client sends a request to 18.104.22.168 it should get to the 5300 and the 5300 should not forward it anywhere since it is the network broadcast and routers do not typically forward the network broadcast.
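The mask difference discussed in this thread can be checked offline. The following is an added example, not part of any participant's post: it compares the broadcast address a client would assume from the classful mask with the broadcast of the /24 subnet configured on the interface. The pool addresses and function names are constructed for illustration.

```python
import ipaddress

def classful_prefix(addr):
    """Return the default (classful) prefix length for a unicast IPv4 address."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return 8    # class A
    if first < 192:
        return 16   # class B
    if first < 224:
        return 24   # class C
    raise ValueError(f"{addr} is not a class A/B/C unicast address")

def broadcast_views(addr, configured_prefix):
    """Compare the broadcast a classful client assumes with the configured subnet's."""
    classful = ipaddress.ip_network(f"{addr}/{classful_prefix(addr)}", strict=False)
    subnet = ipaddress.ip_network(f"{addr}/{configured_prefix}", strict=False)
    return {
        "client_mask": str(classful.netmask),
        "client_broadcast": str(classful.broadcast_address),
        "subnet_broadcast": str(subnet.broadcast_address),
        "mismatch": classful.broadcast_address != subnet.broadcast_address,
    }

# Constructed sample: dial-pool addresses with the prefix configured on the interface.
SAMPLE_POOL = [("172.16.5.10", 24), ("172.16.5.200", 24), ("192.168.7.20", 24)]

def audit(pool):
    """Return the pool addresses whose classful broadcast differs from the subnet's."""
    return [addr for addr, prefix in pool if broadcast_views(addr, prefix)["mismatch"]]

if __name__ == "__main__":
    for addr, prefix in SAMPLE_POOL:
        print(addr, broadcast_views(addr, prefix))
```

A mismatch here only shows that the client and the interface disagree about the broadcast address; whether that matters depends on the link type, as the post above notes for PPP.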
I also agree with Rick's assessment of the situation.
Out of curiosity, once the hosts connect, how are other network critical values farmed out to the connected hosts, such as the IP addresses of DNS or WINS servers? Do you use DHCP on this network, or do you manually configure these values in the connected hosts?