Date: Tue, 6 Sep 2005 13:25:05 -0700
Forgive me for not knowing this, but how does one "enable" L3 capability?
Here at UCI we do not NAT; however, a bunch of our residents still insist on
plugging in wireless routers and wonder why they have problems.
Thanks in advance,
Ted Roberge
Manager, Residential Network Services
University of California, Irvine
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Hague, Jeff
Sent: Tuesday, September 06, 2005 1:16 PM
To: [log in to unmask]
Subject: Re: Agent 3.5.6
So, are you saying that users can not "hide" behind a nat router if L3 is
disabled? It seems to me that they would be able to hide because all the
Clean Access server will see is the mac and IP of the "WAN"
interface of the router and will pass all traffic from that mac.
Wouldn't that be true either way?
Jeff
-----Original Message-----
From: Simon Bell [mailto:[log in to unmask]]
Sent: Tuesday, September 06, 2005 3:46 PM
To: [log in to unmask]
Subject: Re: [PERFIGO] Agent 3.5.6
Yes, it must be enabled. Upgrading by default disables it. "L3 capability
will be disabled by default after upgrade or new install of 3.5(5), and
enabling the feature will require an update and reboot of the Clean Access
Server." Having L3 enabled by default opens a tremendous security hole with
users of routers. Due to the nature of NAT, only 1 user has to validate
behind the router; thus any other devices are allowed out. This problem is
compounded when users bring wireless NAT routers up.
Simon
>>> [log in to unmask] 9/6/2005 1:41 PM >>>
We are also having trouble with Agent 3.5.6 and the use of routers. When
the user behind a wired or wireless router updates to v3.5.5, the "login"
remains greyed out, and they are unable to do the automatic upgrade to
v3.5.6 and cannot log in afterwards. They were fine under version 3.5.4!
This may be because the new default stance for v3.5.5 servers is that support
for multi-hop L3 is off by default. Does anyone know if this must be
specifically enabled to allow the use of wireless or wired routers on a
managed network?
-Bill
Network Security Administrator
Housing Technology
Colorado State University