> On Wed, 21 May 1997, Kevin Smith wrote: > > > At 10:27 AM 5/21/97 -0700, Nelson Lee wrote: > > > > > >Max 4004, 5.0Ap3, 6 12x Modem Cards, two channelized T-1 for dial up, > > >output sent over 10bt to a Livingston PortMaster IRX Router. > > > > > >Every once in a while, the Max will report a route directly to my BSDI > > >Radius/DNS server (xxx.xxx.xxx.1/32) over one of the Wan ports (last night > > >it was Wan12). A traceroute from the Max reports that it reaches the > > >server in one hop. A traceroute from the server never gets to the Max. > > > > Do you have pools-only set to yes on the MAX? > > Do you allow RIP updates from your WAN connections? > > > > It seems like one of your remote clients is connecting and either claiming > > to *be* your server, or claiming to have a route to it.... > > > > I have also seen this. The Max was set to IP pool only, and does not > receive any rip. It was a problem when I was broadcasting rip, would kill > our network until the user dropped. We have checked several of the users > profiles and they seem to be correct. So far all the people that get an > IP > that is not one from the pool get the IP of the radius server or our main > DNS server which is the same IP. For me the crux was this: Ethernet->Mod Config->WAN Options->Pool Only->[Yes/No] When that is set to "No", then a user can claim to be any ip (ie, "Specify an ip address" in Win95 dial-up networking). When that is set to "Yes", then, it seems, they can only be assigned an ip address (from the pool, Radius profile, etc...). I was having trouble with that knocking down my whole network at the POP as Patrick stated since RIP was telling the router to send packets for the server back to the Max. I hacked a cure by making static entries in the router for each pool address and shut off RIP. Ech! I'm concerned that a user can crash my network like this and masquerade as the server (security!). The RUBB (Really Useless Big Book) doesn't make much mention of what this setting really means. I had assumed that it meant that if Pool Only is set to "Yes", then only pool addresses will be assigned and Static ip users are out of luck. The name is rather misleading. ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.shore.net/~dreaming/ascend-faq">http://www.shore.net/~dreaming/ascend-faq</A>> or <<A HREF="ftp://ftp.shore.net/members/dreaming/ascend-faq.txt">ftp://ftp.shore.net/members/dreaming/ascend-faq.txt</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!--X-Follow-Ups-End--> <!--X-References--> <HR> <STRONG>References</STRONG>: <UL> <LI><STRONG><A HREF="msg00472.html">Re: (ASCEND) Mysterious appearing route</A></STRONG></LI> <UL> <LI><EM>From</EM>: Patrick Marshall <patrick@digital.net></LI> </UL> </UL> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg00478.html">Re: (ASCEND) The GET FLEX PROGRAM</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg00477.html">Re: (ASCEND) Erols PBX issue ?</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg00472.html">Re: (ASCEND) Mysterious appearing route</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg00458.html">(ASCEND) Pipeline 50-ISDN Link</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="maillist.html#00479"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd18.html#00479"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>