reliably detecting the presence of a bridge?

Chuck Church chuckchurch at gmail.com
Wed Dec 16 13:40:48 UTC 2015


-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Dave Taht
Sent: Wednesday, December 16, 2015 4:37 AM
To: William Herrin <bill at herrin.us>
Cc: NANOG <nanog at nanog.org>
Subject: Re: reliably detecting the presence of a bridge?


The latter.

In this case a routing optimization that works well on wired links was enabled when there were wireless bridges on that segment, leading to some chaos in the originally referenced thread.


The "right", slower, inefficient on wired, routing metric is the ETX metric in that case, but knowing when to turn that on, automatically, would be nice... which means somehow detecting there was a wireless bridge on that network. So as no announcements of BPDUs are seen, I was hoping there was some sort of active query that could be made asking if there was anything weird and wireless nearby.....

https://nodes.wlan-si.net/topology/

----------------------------------------------------------------------------

Seems there are two possible ways to attach wireless clients to a wired network (at least 2 common ways).  A consumer-grade wireless router doing NAT, or a true layer 2 AP.  Assuming neither are sending BPDUs, there are a few ways to detect them I can think of, assuming you've got control of the switch they're attached to:

Wireless AP (L2 only) - port security limiting the number of learnable MAC addresses per port is pretty easy.  In the case of UBNT you mentioned, it's even easier.  They use a discovery protocol (multicast I believe) and have CDP, both on by default.

NATing router - a little tougher to do.  Scanning your DHCP database or ARP/MAC tables for OUIs that shouldn't be on the network - Linksys, D-Link, Netgear etc.  Or perhaps occasionally port-scan your network looking for open TCP/8080, I think that's the most common port for managing these.  They may not respond on the WAN side if configured right, but the old default was on.  NMAP and its fingerprinting might come in handy too, if they've turned off access from the WAN side.

Chuck
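As an added example (not part of the thread or anyone's posted code), here is a small script that implements the two passive checks described above over constructed switch MAC-table and DHCP-lease rows: too many MACs learned behind one access port (likely an L2 AP) and leases whose OUI belongs to a consumer router vendor (likely a NAT box). The OUI table and the per-port limit are placeholder assumptions; a real deployment would load the IEEE OUI registry and tune the limit to its own port profile.

```python
"""Flag switch ports and DHCP leases that look like an unmanaged AP or NAT router.

Heuristic 1: an L2 AP shows up as several MACs learned behind a single access port.
Heuristic 2: a NAT router shows up as a lease/ARP entry whose OUI is a consumer vendor.
"""
from collections import defaultdict

# Constructed placeholder OUI -> vendor table (hypothetical prefixes, NOT real vendor OUIs).
CONSUMER_OUIS = {
    "00:11:22": "ExampleConsumerVendorA",
    "aa:bb:cc": "ExampleConsumerVendorB",
}

MAX_MACS_PER_ACCESS_PORT = 2  # assumption: a normal wired host port learns 1-2 MACs


def oui(mac: str) -> str:
    """Return the normalised lower-case, colon-separated 3-byte OUI prefix of a MAC."""
    parts = mac.lower().replace("-", ":").split(":")
    return ":".join(parts[:3])


def flag_busy_ports(mac_table, limit=MAX_MACS_PER_ACCESS_PORT):
    """mac_table: iterable of (port, mac). Return {port: sorted macs} for ports over the limit."""
    seen = defaultdict(set)
    for port, mac in mac_table:
        seen[port].add(mac.lower())
    return {port: sorted(macs) for port, macs in seen.items() if len(macs) > limit}


def flag_consumer_ouis(leases, table=CONSUMER_OUIS):
    """leases: iterable of (ip, mac). Return [(ip, mac, vendor)] for MACs in the OUI table."""
    return [(ip, mac, table[oui(mac)]) for ip, mac in leases if oui(mac) in table]


# Constructed sample data standing in for "show mac address-table" and DHCP lease dumps.
SAMPLE_MAC_TABLE = [
    ("Gi1/0/1", "00:de:ad:00:00:01"),
    ("Gi1/0/2", "00:de:ad:00:00:02"),
    ("Gi1/0/2", "00:de:ad:00:00:03"),
    ("Gi1/0/2", "00:de:ad:00:00:04"),  # three MACs behind one port -> likely an L2 AP
]
SAMPLE_LEASES = [
    ("10.0.0.10", "00:de:ad:00:00:01"),
    ("10.0.0.77", "00:11:22:33:44:55"),  # consumer OUI -> likely a NAT router's WAN side
]

if __name__ == "__main__":
    print("ports with too many MACs:", flag_busy_ports(SAMPLE_MAC_TABLE))
    print("consumer-vendor leases:", flag_consumer_ouis(SAMPLE_LEASES))
```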



