Ascend Archive

Re: (ASCEND) Mysterious appearing route



On Wed, 21 May 1997, Patrick Marshall wrote:

> On Wed, 21 May 1997, Kevin Smith wrote:
> 
> > At 10:27 AM 5/21/97 -0700, Nelson Lee wrote:
> > >
> > >Max 4004, 5.0Ap3, 6 12x Modem Cards, two channelized T-1 for dial up, 
> > >output sent over 10bt to a Livingston PortMaster IRX Router.
> > >
> > >Every once in a while, the Max will report a route directly to my BSDI
> > >Radius/DNS server (xxx.xxx.xxx.1/32) over one of the Wan ports (last night
> > >it was Wan12).  A traceroute from the Max reports that it reaches the
> > >server in one hop. A traceroute from the server never gets to the Max.  
> > 
> > Do you have pools-only set to yes on the MAX? 
> > Do you allow RIP updates from your WAN connections?
> > 
> > It seems like one of your remote clients is connecting and either claiming
> > to *be* your server, or claiming to have a route to it....
> > 
> 
> I have also seen this.  The Max was set to IP pool only, and does not
> receive any rip.  It was a problem when I was broadcasting rip, would kill
> our network until the user dropped.  We have checked several of the users'
> profiles and they seem to be correct.  So far all the people that get an IP
> that is not one from the pool get the IP of the radius server or our main
> DNS server which is the same IP.

For me the crux was this:

Ethernet->Mod Config->WAN Options->Pool Only->[Yes/No]

When that is set to "No", then a user can claim to be any IP (i.e., 
"Specify an ip address" in Win95 dial-up networking).  When that is set 
to "Yes", then, it seems, they can only be assigned an IP address (from 
the pool, Radius profile, etc...).

I was having trouble with that knocking down my whole network at the POP
as Patrick stated since RIP was telling the router to send packets for the
server back to the Max.  I hacked a cure by making static entries in the
router for each pool address and shut off RIP.  Ech! 

I'm concerned that a user can crash my network like this and masquerade 
as the server (security!).  The RUBB (Really Useless Big Book) doesn't 
make much mention of what this setting really means.  I had assumed that 
it meant that if Pool Only is set to "Yes", then only pool addresses will be 
assigned and Static ip users are out of luck.  The name is rather misleading.
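
The rule that "Pool Only = Yes" is described as enforcing, written out as an audit over active sessions. This is an added example, not part of the original message and not Ascend code or MAX output. The session format, user names and addresses are constructed assumptions.

```python
import ipaddress

# Every value here is constructed for illustration (documentation ranges only).
POOL = ipaddress.ip_network("192.0.2.64/26")                 # dial-in pool
STATIC = {"branch1": ipaddress.ip_address("198.51.100.10")}  # per-user static IPs (RADIUS profile)
PROTECTED = {ipaddress.ip_address("192.0.2.1"): "RADIUS/DNS server"}

# Hypothetical session snapshot: (user, WAN port, address the peer is using).
SESSIONS = [
    ("alice",   "wan3",  "192.0.2.70"),
    ("branch1", "wan7",  "198.51.100.10"),
    ("bob",     "wan12", "192.0.2.1"),
    ("carol",   "wan5",  "203.0.113.9"),
    ("dave",    "wan9",  "198.51.100.10"),
]

def classify(user, addr):
    """Relate a peer's address to what the server itself would have assigned."""
    ip = ipaddress.ip_address(addr)
    if ip in PROTECTED:
        return "CONFLICT"      # peer holds an infrastructure address
    if STATIC.get(user) == ip:
        return "static"        # matches this user's own profile
    if ip in POOL:
        return "pool"
    return "UNASSIGNED"        # neither pool nor this user's static address

def findings(sessions):
    """Sessions whose address was not one the server would hand out."""
    results = []
    for user, port, addr in sessions:
        verdict = classify(user, addr)
        if verdict in ("CONFLICT", "UNASSIGNED"):
            results.append((user, port, addr, verdict))
    return results

if __name__ == "__main__":
    for user, port, addr, verdict in findings(SESSIONS):
        note = PROTECTED.get(ipaddress.ip_address(addr), "not pool or own static")
        print(f"{verdict:10} {user:8} {port:6} {addr:15} ({note})")
```

A static address counts only for the user whose profile carries it, so a second user presenting the same address is reported as well.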

