Elijah Savage III wrote:
> this came about they are using this program to update the clients I
> suppose or at least I was told and clients on the same subnet they can
> go out and discover those clients, but any clients not on the same
> subnet that has to cross the router the discover utility does not work
> and the server does not see any of those clients. So doing the research
> from what the vendor told us and reading that doc it looks to me as if
> the server is not talking to one specific ip in the case of ip helper
> but is broadcasting to all the clients on that subnet that is why I am
> stuck.

IP helper address doesn't have to use a specific IP address. It can use a
broadcast address, for example, a broadcast for an entire subnet, such as
172.16.10.255.

> I should have given more information before but trying to explain
> the security ramifications and routing issues to the nt team had me so
> frustrated last night. I will be putting a sniffer on today on both

Using a Sniffer is the way to go. We're sort of speculating otherwise and
having to believe what the application developer types are saying. ;-)

I have been wondering if the ip helper address might not be the solution,
however. It sounds like you have wondered about that too. I think what is
happening is that the server is sending out directed broadcasts to each of
your subnets. I suspect this because the documentation says that you have to
tell the server about each of your subnets so that the polling will work. (I
may not have the exact wording correct. I'll check the documentation
again.... But it's something like that.)

So let's say you told the server that you have the following subnets:

172.16.10.0 /24
172.16.11.0 /24
172.16.12.0 /24

The server will send polls to:

172.16.10.255
172.16.11.255
172.16.12.255

That's what's known as a "directed broadcast." A station not on the subnet
directs a broadcast from afar toward the subnet.

In the olden days this would have worked. For the last few years, however,
Cisco IOS has defaulted to "no ip directed-broadcasts," so this won't work.
The fix may be as simple as configuring the router to allow ip
directed-broadcasts with the "ip directed-broadcasts" command.

Now, Cisco uses that default because there are security concerns with
directed broadcasts. One issue was that from afar someone could ping an
entire subnet. There are probably more serious issues too.

But.... you can associate an access list with "ip directed-broadcasts" that
would only allow them to come from that server.

Regarding ports, from our previous messages, be sure that if you already
have access lists that they aren't blocking the ports used by this new
application.

Good luck. We feel for your frustration. Argh! 

Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51849&t=51805
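
The sniffer check suggested in the reply above can be scripted. The following is an added example, not part of the original thread: it derives the directed-broadcast address of each subnet listed in the message and labels captured packets so that any directed broadcast not sourced from the polling server stands out. The server address 172.16.1.10 and the sample flow records are constructed assumptions.

```python
import ipaddress

# Subnets taken from the message; the server address and the flow records
# below are constructed for illustration.
SUBNETS = [ipaddress.ip_network(n) for n in
           ("172.16.10.0/24", "172.16.11.0/24", "172.16.12.0/24")]
POLL_SERVER = ipaddress.ip_address("172.16.1.10")  # assumed address

def broadcast_targets(subnets=SUBNETS):
    """Directed-broadcast address of each subnet the server would poll."""
    return [str(n.broadcast_address) for n in subnets]

def classify(src, dst, subnets=SUBNETS, server=POLL_SERVER):
    """Label one captured packet by how its destination relates to the subnets."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net in subnets:
        if dst == net.broadcast_address:
            if src in net:
                return "local-broadcast"      # sender sits on the subnet itself
            if src == server:
                return "directed-expected"    # the polling server
            return "directed-unexpected"      # any other off-subnet source
    return "other"

def audit(flows):
    """Flows that an access list limited to the server would not permit."""
    return [f for f in flows if classify(f[0], f[1]) == "directed-unexpected"]

# Constructed sample capture: (source, destination, protocol)
SAMPLE_FLOWS = [
    ("172.16.1.10", "172.16.10.255", "udp"),
    ("172.16.1.10", "172.16.12.255", "udp"),
    ("172.16.11.20", "172.16.11.255", "udp"),
    ("192.0.2.50", "172.16.11.255", "icmp"),
    ("172.16.1.10", "172.16.10.7", "udp"),
]

if __name__ == "__main__":
    print(broadcast_targets())
    for flow in SAMPLE_FLOWS:
        print(flow, classify(flow[0], flow[1]))
    print("unexpected:", audit(SAMPLE_FLOWS))
```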