Virtual IP generates traffic to odd IPs


This article applies to:

  • R3000/8e6 Authenticator (authenticat.exe) 

Symptoms:

  • In your firewall logs (or something similar), you may see records of the R3000's virtual IP (the one configured for and used in authentication) trying to contact odd IPs, such as the 169.254.x.x or 192.168.x.x subnets when these subnets are not in use on your network.

Causes:

  • When authenticat.exe is run, it will try to authenticate any IP addresses that the invoking system has. This may include addresses on these "default" subnets if there are virtual NICs or other such things on the system. In turn, the R3000 will try to talk back to these IP addresses through the Virtual IP.  This will generate the traffic that you are seeing.

Resolution:

The easiest way to resolve this issue is to make authenticat not try to talk to the virtual IP if the users come from these invalid subnets. This can be done by adding some parameters to the line you use to run it.

For example, if you are simply using something like:
authenticat.exe RA[virtual ip]

then you would want to make it look like this:
authenticat.exe RA[virtual ip] RV[(192.168.0.0-192.168.255.255;127.0.0.1),(169.254.0.0-169.254.255.255;127.0.0.1)]

This will cause authenticat to try to contact the loopback address (and thus fail) when it detects an IP from an invalid subnet. This should stop the excess traffic.


Last Modified 6/4/2009.
https://support.trustwave.com/kb/KnowledgebaseArticle12779.aspx